618 matches found

EUVD
added 2026/04/06 6:33 p.m., 1 view

EUVD-2026-19343

An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Name parameter...

AI score: 6, EPSS: 0.00031
Exploits: 1, References: 3
CNNVD
added 2026/04/06 12:0 a.m., 4 views

FeehiCMS Security Vulnerability

FeehiCMS is a PHP-based CMS website building system developed by individual developer Liufee. FeehiCMS v2.1.1 contains a security vulnerability that stems from a stored XSS issue in the Name parameter of the category module, which may allow for the execution ...

CVSS: 5.4, AI score: 6, EPSS: 0.00031
Exploits: 1, References: 2
CVE
added 2026/03/26 6:21 a.m., 56 views

CVE-2026-4747

CVE-2026-4747 is a FreeBSD vulnerability in the RPCSEC_GSS implementation (kgssapi.ko) where svc_rpc_gss_validate() copies attacker-controlled data into a 128-byte stack buffer without enforcing size, enabling a 304-byte overflow when credential bodies up to 400 bytes are supplied. This can lead ...

CVSS: 8.8, AI score: 6.8, EPSS: 0.0023
Exploits: 3, References: 3, Affected Software: 1
ATTACKERKB
added 2026/03/19 10:51 p.m., 3 views

CVE-2026-29101

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, a Denial-of-Service (DoS) vulnerability exists in SuiteCRM modules. Versions 7.15.1 and 8.9.3 patch the issue...

CVSS: 4.9, AI score: 5.8, EPSS: 0.00024
Exploits: 0, References: 3, Affected Software: 1
CNVD
added 2026/03/09 12:0 a.m., 3 views

Huawei HarmonyOS Device Security Management Module Race Condition Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A race condition vulnerability exists in the Huawei HarmonyOS device security management module, which can be exploited by an attacker to cause...

CVSS: 4.7, AI score: 5.8, EPSS: 0.00006
Exploits: 0
Positive Technologies
added 2026/03/05 12:0 a.m., 3 views

PT-2026-23427

Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00009
Exploits: 0, References: 4
Positive Technologies
added 2026/03/05 12:0 a.m., 1 view

PT-2026-23419

Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS: 5.9, AI score: 5.9, EPSS: 0.00005
Exploits: 0, References: 3
IBM Security Bulletins
added 2026/02/27 11:39 a.m., 6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses qs-6.13.0.tgz, qs-6.14.0.tgz which is vulnerable to CVE-2025-15284.

Summary: IBM Maximo Application Suite - Monitor Component uses qs-6.13.0.tgz, qs-6.14.0.tgz which is vulnerable to CVE-2025-15284. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2025-15284. DESCRIPTION: Improper Input Validation vulnerability in qs...

CVSS: 6.3, AI score: 5.9, EPSS: 0.0004
Exploits: 1, Affected Software: 1
OSV
added 2026/02/19 5:28 p.m., 4 views

GO-2026-4394 OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking in go.opentelemetry.io/otel/sdk

OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking in go.opentelemetry.io/otel/sdk...

CVSS: 7, AI score: 5.6, EPSS: 0.00017
Exploits: 0, References: 2
Cvelist
added 2026/02/16 8:54 p.m., 24 views

CVE-2026-2474 Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom()

Crypt::URandom versions from 0.41 before 0.55 for Perl are vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom(). The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression length + 1u causes an integer...

EPSS: 0.00062
Exploits: 0, References: 2
CNVD
added 2026/02/11 12:0 a.m., 2 views

Huawei EMUI and Huawei HarmonyOS DFX Module Out-of-Bounds Write Vulnerability

Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is a full-scenario distributed operating system based on a microkernel. An out-of-bounds write vulnerability exists in the Huawei EMUI and Huawei HarmonyOS DFX module, which can be...

CVSS: 6, AI score: 5.9, EPSS: 0.00003
Exploits: 0, References: 1
CNVD
added 2026/02/11 12:0 a.m., 0 views

Huawei HarmonyOS HDC module buffer overflow vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a buffer overflow vulnerability that stems from the HDC module failing to properly validate the length and size of input data,...

CVSS: 6.9, AI score: 6.1, EPSS: 0.00007
Exploits: 0, References: 1
RedhatCVE
added 2026/02/07 1:13 p.m., 4 views

CVE-2026-24924

Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS: 6.1, AI score: 5.2, EPSS: 0.00003
Exploits: 0, References: 1
CVE
added 2026/02/06 11:14 p.m., 7 views

CVE-2020-37141

AMSS++ v4.31 contains a SQL injection in the mail module, specifically in maildetail.php via the id parameter. The vulnerability could allow an attacker to manipulate SQL queries and access or modify database contents. According to Red Hat and PT-Security entries, remediation centers on updating to...

CVSS: 8.8, AI score: 5.6, EPSS: 0.00019
Exploits: 0, References: 2
Cvelist
added 2026/02/06 9:10 a.m., 22 views

CVE-2026-24927

Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability...

CVSS: 5.5, EPSS: 0.00003
Exploits: 0, References: 1
Vulnrichment
added 2026/02/06 9:4 a.m., 2 views

CVE-2026-24924

Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS: 6.1, AI score: 5.3, EPSS: 0.00003
Exploits: 0, References: 1
Vulnrichment
added 2026/02/06 8:46 a.m., 1 view

CVE-2026-24931

Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS: 5.9, AI score: 5.3, EPSS: 0.00003
Exploits: 0, References: 2
Positive Technologies
added 2026/02/06 12:0 a.m., 1 view

PT-2026-6700

Name of the Vulnerable Software and Affected Versions: HDC module (affected versions not specified). Description: A permission control issue exists in the HDC module. Successful exploitation could compromise service confidentiality. Recommendations: At the moment, there is no information about a newer...

CVSS: 6.3, AI score: 5.4, EPSS: 0.00008
Exploits: 0, References: 6
NVD
added 2026/02/03 10:16 p.m., 3 views

CVE-2020-37078

i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the deleteimport parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from...

CVSS: 8.8, EPSS: 0.00073
Exploits: 0, References: 4
OSV
added 2026/02/02 6:16 p.m., 2 views

CVE-2026-0630

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2 web modules allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...

CVSS: 8, AI score: 5.9, EPSS: 0.00059
Exploits: 0, References: 4