NCBI ToolBox - Directory Traversal

NCBI ToolBox 2.0.7 through 2.2.26 legacy versions contain a path traversal vulnerability via viewcgi.cgi which may result in reading of arbitrary files i.e., significant information disclosure or file deletion via the nph-viewgif.cgi query string. id: CVE-2018-16716 info: name: NCBI ToolBox -...

Hitachi Pentaho Business Analytics Server - Bypass Authorization

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. id: CVE-2022-43939 info: name: Hitachi Pentaho Business Analytics Server - Bypass Authorization author: daffainf...

PT-2026-43699

Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command. This issue was fixed in versions below: - NCP: version 1.24.0250 - IPx series: version 6.61.0040 - CCT-1668: version...

Authlib 安全漏洞

Authlib is an open-source library developed by Authlib, designed to build servers for OAuth and OpenID Connect. Versions of Authlib prior to 1.6.12 and 1.7.1 contained security vulnerabilities. These vulnerabilities stemmed from unauthenticated redirection in the OpenIDImplicitGrant and...

PT-2026-43071

Name of the Vulnerable Software and Affected Versions hackney versions 0 through 4.0.0 Description Improper Neutralization of CRLF Sequences allows HTTP Request Splitting. The software fails to percent-encode carriage return r or line feed characters in the URL query component before constructing...

CVE-2026-5740

Mattermost CVE-2026-5740 is an unauthenticated denial-of-service issue affecting Mattermost Server versions 11.6.x up to 11.6.0, 11.5.x up to 11.5.3, 11.4.x up to 11.4.4, and 10.11.x up to 10.11.14. The root cause is improper validation of msgpack-encoded WebSocket frames before memory allocation...

WordPress plugin Slider Revolution 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

EUVD-2026-30815

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...

WordPress Forms Rb plugin <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary Modification vulnerability discovered by ? in WordPress Plugin Forms Rb versions = 1.1.9...

CVE-2026-43895

jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...

CVE-2026-44201

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This...

CVE-2026-42343

CVE-2026-42343 (FastGPT) affects FastGPT’s code-sandbox in versions ≤ 4.14.13, due to insufficient resource isolation. The system relies on an application-level soft limit (500 ms polling) for memory management and lacks OS-level constraints (cgroups/kernel namespaces). This enables time-window b...

Linux Distros Unpatched Vulnerability : CVE-2026-41672

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 an...

PT-2026-38030

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be...

PT-2026-37060

Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.4 Django versions 5.2 through 5.2.13 Description When SESSION SAVE EVERY REQUEST is set to True, response headers do not vary based on cookies if a session remains unmodified. This allows a remote attacker to...

Astra Linux - уязвимость в firefox, thunderbird

Memory safety bugs exist in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox version...

CVE-2026-31426 affecting package kernel for versions less than 6.6.134.1-2

CVE-2026-31426 affecting package kernel for versions less than 6.6.134.1-2. An upgraded version of the package is available that resolves this issue...

CVE-2026-31533 affecting package kernel for versions less than 6.6.137.1-1

CVE-2026-31533 affecting package kernel for versions less than 6.6.137.1-1. An upgraded version of the package is available that resolves this issue...

WordPress plugin Import and export users and customers 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Dell Alienware Command Center 安全漏洞

Dell Alienware Command Center is a software package manager developed by the American company Dell. Versions of the Dell Alienware Command Center prior to 6.13.8.0 contained security vulnerabilities. These vulnerabilities were due to violations of the principle of least privilege, which could all...