FreeBSD 安全漏洞

FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a security vulnerability in FreeBSD, which stems from systems that expose NVMe/TCP targets. When such systems receive CONNECT commands with forged or expired CNTLIDs targeting I/O queues, a kernel crash may occu...

Security update for govulncheck-vulndb

This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20260317T205859 2026-03-17T20:58:59Z. Refs jscPED-11136 Go CVE Numbering Authority IDs added or updated with aliases: GO-2026-4360 CVE-2026-0528 GHSA-w2gr-585j-r428 GO-2026-4513 GO-2026-4514 GO-2026-4518...

CVE-2026-4815 SQL Injection vulnerability in Support Board

A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via 'calls0messageids' parameter in '/supportboard/include/ajax.php' endpoint...

EUVD-2026-15398

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix accepting multiple L2CAPECREDCONNREQ Currently the code attempts to accept requests regardless of the command identifier which may cause multiple requests to be marked as pending FLAGDEFERSETUP which can cau...

SUSE CVE-2026-28682

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes fileid values that are not scoped to the requesting...

PT-2026-28101

What are the limits of AI-assisted vulnerability hunting? I obtained 23 CVEs in one month. BentoML 8.2k CVE-2026-27905 HIGH SillyTavern 24.6k CVE-2026-26286 HIGH Plane 28.2k CVE-2026-27705 MEDIUM NocoDB 46.4k CVE-2026-28399 MEDIUM Mautic 8.4k CVE-2026-3105 HIGH File Browser 27.9k CVE-2026-28492...

PT-2026-28157

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in library/pnotes.inc.php perform updates and deletes using WHERE id = ? without verifying that the note belongs to a patient the...

Support Board SQL注入漏洞

Support Board is a sales chat software developed by the British company Support Board. Version 3.7.7 of Support Board contains an SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter calls0messageids in the file /supportboard/include/ajax.php, which may...

PT-2026-28104

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.3-rc1 Description An Insecure Direct Object Reference IDOR exists in the 'PUT /api/keys' endpoint. Due to the use of the JavaScript object spread operator after setting the authenticated user's ID, an...

DEBIAN-CVE-2026-23921

A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...

CVE-2026-33281

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...

Ella Core 输入验证错误漏洞

Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Versions of Ella Core prior to 1.6.0 contained a vulnerability related to input validation errors. This vulnerability occurred when processing NGAP messages with invalid PDU...

Nats-Server 安全漏洞

Nats-Server is a high-performance server developed by Nats Open Source, used for native message delivery systems on Nats.io, cloud, and edge environments. There were security vulnerabilities in versions of Nats-Server prior to 2.11.15 and 2.12.5. These vulnerabilities stemmed from improper handli...

sbt 操作系统命令注入漏洞

SBT is an open-source build tool for Scala, Java, and other languages. Prior to SBT 1.12.7, there was a vulnerability related to operating system command injection. This vulnerability stemmed from unvalidated user-controlled URI fragments, which could allow arbitrary commands to be executed on...

Ubuntu: Security Advisory (USN-8095-4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-33281

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...

CVE-2026-33281 Ella Core panics on invalid PDU Session IDs in NGAP messages

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...

CVE-2026-33281 Ella Core panics on invalid PDU Session IDs in NGAP messages

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...

CVE-2026-33281 Ella Core panics on invalid PDU Session IDs in NGAP messages

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...

CVE-2026-33281

CVE-2026-33281 affects Ella Core, a private-network 5G core. The issue occurs when processing NGAP messages with invalid PDU Session IDs outside 1-15, causing the process to panic and potentially disrupt service for all connected subscribers. No authentication is required. This affects versions p...