cpython: POP3 command injection in user-controlled commands

A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server...

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVE-2026-3256

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will com...

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem CVE-2025-38180 kernel: drm/sched: Fix potential double free in drmschedjobaddresvdependencies CVE-2025-40096 kernel: Linux...

Roo Code 安全漏洞

Roo Code is an AI-based autonomous coding agent developed by Roo Code Inc. Roo Code has a security vulnerability, which stems from the command autapproval module’s susceptibility to OS command injection, potentially leading to remote code execution...

ROS-20260330-73-0001

A vulnerability in the LSILogic module of the Oracle VM VirtualBox virtualization software tool is associated with insecure privilege management due to incorrect memory freeing. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information...

Syntx 安全漏洞

Syntx is an artificial intelligence-based data analysis and automated decision-making platform developed by Syntx Corporation. There is a security vulnerability in Syntx; this vulnerability stems from the command automatic approval module’s susceptibility to OS command injection, which may lead t...

PT-2026-29058

MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials...

CVE-2026-29909

MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials...

kernel security update

6.12.0-124.47.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...

ALSA-2026:6153 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem CVE-2025-38180 kernel: drm/sched: Fix potential double free in drmschedjobaddresvdependencies CVE-2025-40096 kernel: Linux...

PT-2026-29144

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument cust id leads to cross site scripting. The attack may be performed from remote. The exploit...

CVE-2026-29909

MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials...

ANT-2026-VS18SA90 · nginx · Arbitrary File Write

arbitrary-file-write critical CVE-2026-27654 Severity Claude critical · Security research firm critical · Maintainer - Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Calif. ANT-2026-VS18SA90: unauthenticated remot...

EUVD-2026-16983

A vulnerability was determined in mxml up to 4.0.4. This issue affects the function indexsort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit ha...

CVE-2026-5023

A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the file src/tools/codebase.ts of the component RepoMix Command Handler. Such manipulation leads to os...

CVE-2026-4991

A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible ...

EUVD-2026-16939

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will com...

CVE-2026-3256

HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids. HTTP::Session defaults to using HTTP::Session::ID::SHA1 to generate session ids using a SHA-1 hash seeded with the built-in rand function, the high resolution epoch time, and the PID. The PID will com...

EUVD-2026-16921

A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function deletequestionandanswers/deletedocs/updatequestionanswer/updatedocs/getrelevantquestionanswersbyid/getrelevantdocsbyid of the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb....