PT-2026-21989

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server Liberty affected versions not specified Description IBM WebSphere Application Server Liberty may provide weaker than expected security. The issue could potentially impact the security posture of the application...

CVE-2026-3040

A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...

CVE-2026-3040

A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...

CVE-2026-3040

A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...

CVE-2026-3040 DrayTek Vigor 300B Web Management uploadlangs cgiGetFile os command injection

A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...

CVE-2026-27146

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The...

DEBIAN-CVE-2026-27168

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytesperline value. The value os read directly from the file as the read size in...

CVE-2026-27147

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed...

UBUNTU-CVE-2026-27168

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the XWD parser's use of the bytesperline value. The value os read directly from the file as the read size in...

CVE-2026-27168

CVE-2026-27168 affects the SAIL image library, specifically the XWD parser in the Sail-codecs-xwd component. All versions are vulnerable to a heap-based buffer overflow caused by using the bytes_per_line value read directly from the XWD file as the io->strict_read() size, without validating it...

CVE-2026-27147

GetSimple CMS is affected by a stored XSS due to unsanitized SVG uploads. All versions are vulnerable; authenticated users can upload SVG files via the admin upload function, and the uploaded SVGs execute JavaScript when viewed. The issue is described as not having a fix at the time of publicatio...

CVE-2026-27146

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The...

CVE-2026-27146 GetSimple CMS: Cross-Site Request Forgery (CSRF) in File Upload Allows Arbitrary Uploads

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The...

PT-2026-21324

GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the administrative upload functionality, but they are not properly sanitized or restricted, allowing an attacker to embed...

PT-2026-20404

Name of the Vulnerable Software and Affected Versions NVIDIA NeMo Framework affected versions not specified Description The NVIDIA NeMo Framework contains a flaw that could allow for remote code execution. Exploitation of this issue may result in code execution, escalation of privileges,...

PT-2026-20235

Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW version 5.5 Interim Fix 002 Description IBM DB2 Recovery Expert for Linux, UNIX, and Windows transmits data over a cleartext communication channel. This could allow an attacker to intercept sensitive information...

PT-2026-20276

Name of the Vulnerable Software and Affected Versions Tanium Enforce Recovery Key Portal affected versions not specified Description An insecure file permissions issue exists in Tanium Enforce Recovery Key Portal. The vulnerability involves incorrect file permissions that could potentially be...

PT-2026-20236

Name of the Vulnerable Software and Affected Versions IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 Description IBM DB2 Recovery Expert for Linux, UNIX and Windows is susceptible to a cross-site request forgery condition. This could allow an attacker to perform unauthorized actions on behal...

PT-2026-20311

Name of the Vulnerable Software and Affected Versions Glory RBG-100 recycler systems using the ISPK-08 software component affected versions not specified Description The Glory RBG-100 recycler systems, utilizing the ISPK-08 software component, are susceptible to unauthorized access due to...

PT-2026-20307

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description A flaw exists in the management API that could allow a remote attacker without authentication to initiate service restarts. Exploitation of this issue may lead ...