54489 matches found
CVE-2026-33147
GMT is an open-source suite of CLI tools for geographic/Cartesian data. A stack-based buffer overflow was identified in the gmt_remote_dataset_id function (src/gmt_remote.c) affecting versions up to 6.6.0. Trigger occurs when a specially crafted long string is passed as a dataset identifier (e.g....
CVE-2026-4505
This CVE affects the eosphoros-ai DB-GPT project up to version 0.7.5. The vulnerability lies in the FastAPI Endpoint component, specifically the function module_plugin.refresh_plugins in packages/dbgpt-serve/src/dbgpt_serve/agent/hub/controller.py, which enables unrestricted file upload. The issu...
ANT-2026-HY56VRSB · nginx · Heap
heap-buffer-overflow high CVE-2026-27654 Severity Claude high · Security research firm - · Maintainer - Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Calif. ANT-2026-HY56VRSB: Heap buffer overflow in...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the RemoveProjectBackground process. An attacker can permanently delete background images by sending a DELETE request to the relevant API endpoint with only read-level permissions. Remediation Upgrade...
OESA-2026-1703 golang security update
The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...
OESA-2026-1702 golang security update
The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...
OESA-2026-1701 golang security update
The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...
OESA-2026-1699 golang security update
The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...
OESA-2026-1647 qt5-qtsvg security update
The Qt SVG module provides functionality for displaying SVG images in widget, and to create SVG files using drawing commands. Security Fixes: The module will parse a pattern node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading...
Malicious Package
Overview restaking-apy-module is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-1966 Malicious code in restaking-apy-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8aa08edde60ee1a5b831af5088eaaf1b9b490ab5975541f8036f4efac42d6840 The package restaking-apy-module was found to contain malicious code. Source: ghsa-malware...
CVE-2026-4441
Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
br.com.consultdg:database-module (>=1.0.1 <=1.0.10), cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.4.0.0 <=3.4.0.1) +1068 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=6.4.0 <=6.4.13)
org.springframework.security:spring-security-web MAVEN version =6.4.0, =1.0.1, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.5 and more Source cves: CVE-2026-22732 Source advisory: OSV:GHSA-MF92-479X-33...
SUSE CVE-2026-32700
Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option, the default when using...
Admidio security vulnerability
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Versions of Admidio 5.0.6 and earlier have security vulnerabilities. These vulnerabilities st...
PT-2026-26665
A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generate df of the file backend/app/ai/code execution/code execution.py. Such manipulation leads to injection. The attack may be launched remotely. The exploit is publicly available and might be used...
CVE-2026-29104
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an authenticated arbitrary file upload vulnerability in the Configurator module. An authenticated administrator can bypass intended file ty...
CVE-2026-29103
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Critical Remote Code Execution (RCE) vulnerability exists in SuiteCRM 7.15.0 and 8.9.2, allowing authenticated administrators to execute arbitrary system commands. This vulnerability is a direc...
CVE-2026-29098
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the actionexportCustom function in modules/ModuleBuilder/controller.php fails to properly neutralize path traversal sequences in the $modules and $name...