
21972 matches found

ATTACKERKB
added 2026/05/09 10:15 p.m. | 4 views

CVE-2026-8211

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

5.8 CVSS | 5.6 AI score | 0.00244 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2026/05/09 10:15 p.m. | 10 views

CVE-2026-8211

CVE-2026-8211 affects codelibs Fess up to 15.5.1. The vulnerability lies in the JSP File Handler’s AdminDesignAction.java update function, where manipulation of the content argument enables code injection. Attacks can be performed remotely, and the exploit is public. No remediation details are pr...

5.8 CVSS | 5.6 AI score | 0.00244 EPSS
Exploits: 0 | References: 4

Cvelist
added 2026/05/09 10:15 p.m. | 63 views

CVE-2026-8211 codelibs Fess JSP File AdminDesignAction.java update code injection

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

5.8 CVSS | 0.00244 EPSS
Exploits: 0 | References: 4

EUVD
added 2026/05/09 9:32 p.m. | 8 views

EUVD-2026-28939

A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site...

5.3 CVSS | 4.2 AI score | 0.00269 EPSS
Exploits: 0 | References: 5

EUVD
added 2026/05/09 9:32 p.m. | 17 views

EUVD-2026-28941

A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update Handler. The manipulation leads to command injection. Local access is required to approach this...

5.3 CVSS | 5.3 AI score | 0.00851 EPSS
Exploits: 0 | References: 5

NVD
added 2026/05/09 9:16 p.m. | 22 views

CVE-2026-8210

A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update Handler. The manipulation leads to command injection. Local access is required to approach this...

5.3 CVSS | 0.00851 EPSS
Exploits: 0 | References: 4

CVE
added 2026/05/09 9:0 p.m. | 11 views

CVE-2026-8210

CVE-2026-8210 affects aandrew-me tgpt up to version 2.11.1 on Linux/macOS. The vulnerability resides in the Update Handler’s helper.Update function (helper.go), enabling local command injection due to the underlying flaw. Exploitation is disclosed publicly and may be used; no exploit status is pr...

5.3 CVSS | 5.6 AI score | 0.00851 EPSS
Exploits: 0 | References: 4

Cvelist
added 2026/05/09 9:0 p.m. | 37 views

CVE-2026-8210 aandrew-me tgpt Update helper.go helper.Update command injection

A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update Handler. The manipulation leads to command injection. Local access is required to approach this...

5.3 CVSS | 0.00851 EPSS
Exploits: 0 | References: 4

ATTACKERKB
added 2026/05/09 8:0 p.m. | 8 views

CVE-2026-8195

A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site...

5.3 CVSS | 4.2 AI score | 0.00269 EPSS
Exploits: 0 | References: 4

CVE
added 2026/05/09 8:0 p.m. | 14 views

CVE-2026-8195

CVE-2026-8195 affects JeecgBoot up to 3.9.1. The vulnerability is a cross-site scripting issue in the SVG File Handler component, specifically in jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java. The manipulation is remote and the exploi...

5.3 CVSS | 4.2 AI score | 0.00269 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2026/05/09 8:0 p.m. | 7 views

CVE-2026-8195 JeecgBoot SVG File CommonController.java cross site scripting

A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site...

5.3 CVSS | 4.2 AI score | 0.00269 EPSS
Exploits: 0 | References: 4

SUSE CVE
added 2026/05/09 2:47 a.m. | 5 views

SUSE CVE-2026-7582

A vulnerability was detected in AcademySoftwareFoundation OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown code of the file src/dds.imageio/ddsinput.cpp of the component DDS Image Handler. The manipulation results in out-of-bounds write. The attack needs to be approached locally...

5.3 CVSS | 5.3 AI score | 0.00112 EPSS
Exploits: 0 | References: 3

SUSE CVE
added 2026/05/09 2:46 a.m. | 5 views

SUSE CVE-2026-8084

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit...

5.5 CVSS | 5.3 AI score | 0.00264 EPSS
Exploits: 1 | References: 3

SUSE CVE
added 2026/05/09 2:40 a.m. | 5 views

SUSE CVE-2026-43231

In the Linux kernel, the following vulnerability has been resolved: media: radio-keene: fix memory leak in error path. Fix a memory leak in usb_keene_probe. The v4l2 control handler is initialized and controls are added, but if v4l2_device_register or video_register_device fails afterward, the handler w...

5.5 CVSS | 5.8 AI score | 0.00128 EPSS
Exploits: 0 | References: 3

SUSE CVE
added 2026/05/09 2:40 a.m. | 6 views

SUSE CVE-2026-43263

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix Null reference while testing fluster. When multi instances are created/destroyed, many interrupts happens and structures for decoder are removed. "struct vpu_instance" this structure is shared for all...

7.8 CVSS | 5.7 AI score | 0.00119 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2026/05/09 2:21 a.m. | 4 views

CVE-2026-8084

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit...

5.5 CVSS | 5.4 AI score | 0.00264 EPSS
Exploits: 1 | References: 1

Wolfi
added 2026/05/09 2:21 a.m. | 18 views

CVE-2026-33814 vulnerabilities

Vulnerabilities for packages: xeol, gatekeeper, fulcio, dbmate, harbor-scanner-trivy, kube-vip, tkn, cilium-certgen, clickhouse-operator, azure-service-operator, kyverno, spire-controller-manager, metrics-agent, aws-flb-firehose, crossplane-provider-sql, conjur-cli, distribution,...

7.5 CVSS | 5.8 AI score | 0.00565 EPSS
Exploits: 0

Chainguard
added 2026/05/09 1:17 a.m. | 29 views

CVE-2026-33814 vulnerabilities

Vulnerabilities for packages: kserve-localmodelnode-agent, crossplane-provider-azure-notificationhubs, knative-net-istio-fips, kapp, datadog-agent, influxd, restic-fips, caddy, crossplane-provider-azure-managedidentity, fulcio, gatus-fips, kube-bench, custom-pod-autoscaler-fips,...

7.5 CVSS | 5.8 AI score | 0.00565 EPSS
Exploits: 0

Positive Technologies
added 2026/05/09 12:0 a.m. | 6 views

PT-2026-39425

Name of the Vulnerable Software and Affected Versions: OSGeo gdal versions prior to 3.13.0RC1. Description: A heap-based buffer overflow exists in the Grid File Handler component. This issue occurs within the GDSDfldsrch function located in the frmts/hdf4/hdf-eos/GDapi.c file. Exploitation requires...

5.5 CVSS | 6.2 AI score | 0.00258 EPSS
Exploits: 1 | References: 18

CNNVD
added 2026/05/09 12:0 a.m. | 6 views

tgpt injection vulnerability

tgpt is a cross-platform command line AI tool by Andrew Personal Developer. An injection vulnerability exists in tgpt 2.11.1 and earlier versions on Linux/macOS, which stems from the function helper.Update in the file helper.go in the component Update Handler, and could lead to command injection...

5.3 CVSS | 6 AI score | 0.00851 EPSS
Exploits: 0 | References: 2