
22149 matches found

CNNVD
added 2026/02/25 12:0 a.m., 8 views

SourceCodester Website Link Extractor code issue vulnerability

SourceCodester Website Link Extractor is an open-source website link extractor developed by SourceCodester. Version 1.0 of SourceCodester Website Link Extractor has code-related vulnerabilities; these vulnerabilities stem from issues with the file_get_contents function in the URL Handler component,...

CVSS 7.5, AI score 6.6, EPSS 0.00275
Exploits: 1, References: 5

Positive Technologies
added 2026/02/25 12:0 a.m., 4 views

PT-2026-21945

Name of the Vulnerable Software and Affected Versions: Chia Blockchain version 2.1.0. Description: A security issue has been identified in Chia Blockchain that results in improper authentication. This is due to manipulation within the authenticate function located in the rpc server base.py file of t...

CVSS 6.3, AI score 6, EPSS 0.00561
Exploits: 1, References: 6

CNNVD
added 2026/02/25 12:0 a.m., 9 views

pangolin access control error vulnerability

Pangolin is an open-source proxy software developed by Pangolin. Versions of Pangolin 1.15.4-s.3 and earlier contained a vulnerability related to access control. This vulnerability stemmed from improper access control in the function verifyRoleAccess/verifyApiKeyRoleAccess of the Role Handler...

CVSS 6.5, AI score 6.6, EPSS 0.00306
Exploits: 0, References: 9

CNNVD
added 2026/02/25 12:0 a.m., 10 views

chia-blockchain access control error vulnerability

chia-blockchain is a Python library for Chia Network, open-source software. Version 2.1.0 of chia-blockchain contains an access control vulnerability. This vulnerability stems from a lack of authentication in the function sendTransaction/getPrivateKey of the Component RPC Server Master Passphrase...

CVSS 7, AI score 5.8, EPSS 0.00217
Exploits: 1, References: 5

Positive Technologies
added 2026/02/25 12:0 a.m., 10 views

PT-2026-21969

Name of the Vulnerable Software and Affected Versions: Chia Blockchain version 2.1.0. Description: A security issue exists in Chia Blockchain version 2.1.0 related to missing authentication within the RPC Server Master Passphrase Handler component. Specifically, the send transaction/get private key...

CVSS 4.5, AI score 4.3, EPSS 0.00217
Exploits: 1, References: 6

CNNVD
added 2026/02/25 12:0 a.m., 9 views

OpenEMR security vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions 5.0.0.5 to 7.0.3.4 of OpenEMR contain security...

CVSS 8.5, AI score 5.7, EPSS 0.00246
Exploits: 1, References: 3

Positive Technologies
added 2026/02/25 12:0 a.m., 7 views

PT-2026-21874

A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclose...

CVSS 6.5, AI score 5.1, EPSS 0.00275
Exploits: 1, References: 6

Github Security Blog
added 2026/02/24 3:42 p.m., 6 views

ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access

The shipped “secure” security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd: pseudo-filenames, e.g., fd:0, fd:1. This path form is not blocked by the secure policy templates, and therefore bypasses the protection goal of...

CVSS 7.8, AI score 5.4, EPSS 0.00135
Exploits: 0, References: 5, Affected Software: 17

Snyk
added 2026/02/24 3:27 p.m., 5 views

Out-of-bounds Read

Overview: Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

CVSS 8.7, AI score 6, EPSS 0.00348
Exploits: 0, References: 2

Snyk
added 2026/02/24 3:27 p.m., 4 views

Out-of-bounds Read

Overview: Magick.NET-Q8-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 8.7, AI score 6, EPSS 0.00348
Exploits: 0, References: 2

Snyk
added 2026/02/24 3:27 p.m., 4 views

Out-of-bounds Read

Overview: Magick.NET-Q8-OpenMP-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

CVSS 8.7, AI score 6, EPSS 0.00348
Exploits: 0, References: 2

OSV
added 2026/02/24 3:21 p.m., 6 views

CVE-2026-3101

A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted earl...

CVSS 8.8, AI score 5.5, EPSS 0.03494
Exploits: 1, References: 4

NVD
added 2026/02/24 3:21 p.m., 13 views

CVE-2026-3101

A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted earl...

CVSS 8.8, EPSS 0.03494
Exploits: 1, References: 4

Vulnrichment
added 2026/02/24 2:32 p.m., 9 views

CVE-2026-3101 Intelbras TIP 635G Ping os command injection

A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted earl...

CVSS 6.5, AI score 6.2, EPSS 0.03494
Exploits: 1, References: 4

EUVD
added 2026/02/24 2:32 p.m., 9 views

EUVD-2026-8470

A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted earl...

CVSS 6.5, AI score 6.4, EPSS 0.03494
Exploits: 1, References: 4

CVE
added 2026/02/24 2:32 p.m., 23 views

CVE-2026-3101

CVE-2026-3101 affects Intelbras TIP 635G (firmware 1.12.3.5) with a flaw in the Ping Handler that enables OS command injection. The issue can be triggered remotely and, according to the connected documents, exploits have been made public (PoC maturity noted). Vendors have not responded to disclos...

CVSS 8.8, AI score 6.4, EPSS 0.03494
Exploits: 1, References: 4, Affected Software: 1

RedhatCVE
added 2026/02/24 7:29 a.m., 6 views

CVE-2026-2974

A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file sharedprefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/keyderivationparams/authmethods leads to...

CVSS 2.5, AI score 3.8, EPSS 0.00099
Exploits: 0, References: 1

RedhatCVE
added 2026/02/24 1:44 a.m., 7 views

CVE-2026-2957

A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the component File Handler. This manipulation causes denial of service. The attack may be initiated remotely...

CVSS 8.1, AI score 5.5, EPSS 0.00371
Exploits: 1, References: 1

Cvelist
added 2026/02/24 1:27 a.m., 18 views

CVE-2026-25966 ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access

ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd: pseudo-filenames e.g., fd:0, fd:1. Prior to version...

CVSS 5.9, EPSS 0.00135
Exploits: 0, References: 1

OSV
added 2026/02/24 1:27 a.m., 3 views

CVE-2026-25966 ImageMagick's Security Policy Bypass through config/policy-secure.xml via "fd handler" leads to stdin/stdout access

ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd: pseudo-filenames e.g., fd:0, fd:1. Prior to version...

CVSS 5.9, AI score 5.9, EPSS 0.00135
Exploits: 0, References: 3