Apache Log4j 安全漏洞

Apache Log4j is an open-source logging tool based on Java, developed by the Apache Foundation in the United States. Versions of Apache Log4j JSON Template Layout 2.25.3 and earlier contain security vulnerabilities. These vulnerabilities arise from the JsonTemplateLayout generating invalid JSON...

MariaDB 11.8.1 < 11.8.6 DoS

The version of MariaDB installed on the remote host is prior to 11.8.6. It is, therefore, affected by a vulnerability as referenced in the GHSA-4rj5-2227-9wgc advisory. - MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before...

Vikunja 代码问题漏洞

Vikunja is an open-source to-do application developed by Vikunja. Versions of Vikunja prior to 2.3.0 had code vulnerabilities. These vulnerabilities stemmed from the fact that link-sharing authentication was entirely based on JWT claims, without server-side database validation. As a result, delet...

Important Photon OS Security Update - PHSA-2026-5.0-0816

Updates of 'python3-PyJWT', 'rubygem-rdiscount' packages of Photon OS have been released...

PT-2026-31944

Summary The OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback mechanism, the second factor is completely skipped. Details The OIDC callback...

PT-2026-33210

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.4 Description The '/api/av/removeUnusedAttributeView' endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. This allows an attacker to inject...

Vikunja 授权问题漏洞

Vikunja is an open-source to-do application developed by Vikunja. Versions of Vikunja prior to 2.3.0 had an authorization vulnerability. This vulnerability stemmed from the OIDC callback handler, which issued full JWT tokens without checking whether the matching user had enabled TOTP two-factor...

Saltcorn 路径遍历漏洞

Saltcorn is an open-source, scalable, code-free database application builder developed by Saltcorn. Versions of Saltcorn prior to 1.4.5, 1.5.5, and 1.6.0-beta.4 contained a path traversal vulnerability. This vulnerability stemmed from the POST /sync/offlinechanges endpoint, which allowed...

PT-2026-31943

Name of the Vulnerable Software and Affected Versions Apache Log4j versions up to and including 2.25.3 Description Apache Log4j's JsonTemplateLayout generates invalid JSON output when processing log events that include non-finite floating-point values NaN, Infinity, or -Infinity, violating RFC 82...

MariaDB 12.1.2 < 12.2.2 DoS

The version of MariaDB installed on the remote host is prior to 12.2.2. It is, therefore, affected by a vulnerability as referenced in the GHSA-4rj5-2227-9wgc advisory. - MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before...

SUSE CVE-2026-39373

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does not validate th...

CVE-2026-40111

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py. No sanitization is performed and shell...

EUVD-2026-21035

OpenPLCV3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access...

Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...

GHSA-RV64-5GF8-9QQ8 Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...

CVE-2026-35640

OpenClaw before 2026.3.25 parses JSON webhook request bodies before validating signatures, enabling unauthenticated attackers to trigger denial of service by forcing resource-intensive JSON parsing. Affected package: openclaw (versions

CVE-2026-35640 OpenClaw < 2026.3.25 - Denial of Service via Unauthenticated Webhook Request Parsing

OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive parsing operations. Remote attackers can send malicious webhook requests to trigger denial of service by exhausting server resources through...

CVE-2026-40111 PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py. No sanitization is performed and shell...

CVE-2026-40111

PraisonAIAgents memory/hooks.py allows OS command injection via a user-controlled string passed to subprocess.run() with shell=True before 1.5.128. No sanitization occurs, shell metacharacters are interpreted by /bin/sh, enabling execution of arbitrary commands. Two attack surfaces exist: pre_run...

CVE-2026-35063

OpenPLCV3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access...