EUVD-2026-34097
GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...
EUVD-2026-34096
GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPIDOCDIR. Upgrade to 10.0.25 or 11.0.7 to receive a patch...
OpenCart Divido - SQL Injection
OpenCart Divido plugin is susceptible to SQL injection. id: CVE-2018-11231; info: name: OpenCart Divido - SQL Injection; author: ritikchaddha; severity: high; description: OpenCart Divido plugin is susceptible to SQL injection; impact: This vulnerability can lead to data theft, unauthorized access,...
TencentOS Server 3: dovecot (TSSA-2026:0376)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0376 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Talos Linux has a local privilege escalation from untrusted workloads
Summary: A vulnerability in the Linux kernel's algif_aead subsystem (CVE-2026-31431, "copy.fail") allows an unprivileged container workload to corrupt arbitrary file page-cache pages via the AF_ALG crypto interface and splice. On Talos Linux, this vulnerability can be chained into a complete node...
net-imap has quadratic complexity when reading response literals
Summary: Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are crafted to exhaust the client's CPU for a denial of service attack. Details: For each literal in a response, ResponseReader...
Astra Linux - vulnerability in libimage-exiftool-perl
A vulnerability was detected in ExifTool version 13.53. The issue affects the Processmrld function in the lib/Image/ExifTool/GM.pm file, specifically in the JPEG/QuickTime/MOV/MP4 component. Manipulating the -ee argument leads to code injection. Local attacks are required to exploit this...
@fastify/middie vulnerable to middleware bypass via deprecated ignoreDuplicateSlashes option
Impact: @fastify/middie v9.3.1 and earlier does not read the deprecated but still functional top-level ignoreDuplicateSlashes option, only reading from routerOptions. This creates a normalization gap: Fastify's router normalizes duplicate slashes but middie does not, allowing middleware bypass via...
CVE-2026-6011
A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed...
PT-2026-29480
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.2.0276. Description: Vim is susceptible to remote code execution through maliciously crafted "modelines" that can bypass sandboxes. This allows for the execution of commands. Recommendations: Update to version 9.2.0276 or...
CVE-2026-4541
The CVE-2026-4541 entry concerns janmojzis tinyssh (up to 20250501) with a flaw in the Ed25519 Signature Handler, specifically in tinyssh/crypto_sign_ed25519_tinyssh.c. The issue is described as improper verification of a cryptographic signature in a local-execution scenario, with high attack comp...
EulerOS 2.0 SP11 : python-pip (EulerOS-SA-2026-1590)
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When extracting a tar archive, pip may not check that symbolic links point into the extraction directory if the tarfile module doesn't implement PEP...
PT-2026-7114
Name of the Vulnerable Software and Affected Versions: BeyondTrust (affected versions not specified); CyberArk Conjur versions prior to 15.2.0. Description: A critical flaw exists that allows for pre-authentication remote code execution. The issue affects enterprise vaults and allows privilege escalati...
PT-2026-6449
Impact: When workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata, the vulnerability can lead to files being written to unintended locations on those remote systems, potentially leading to remote code execution on those systems. As a...
Missing Validation of OpenSSL Certificate
Overview: Affected versions of this package are vulnerable to Missing Validation of OpenSSL Certificate due to the default configuration of DefaultConfig, where TLS certificate verification is disabled for outgoing storage driver communications. An attacker can intercept, decrypt, and manipulate al...
soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives
Impact: Incorrect rounding direction for signed mul and div operations. The mulDiv(x, y, z) function incorrectly handled cases where both the intermediate product $xy$ and the divisor $z$ were negative. The logic assumed that if the intermediate product was negative, the final result must also be...
CVE-2025-1584
A vulnerability classified as problematic was found in opensolon Solon up to 3.0.8. This vulnerability affects unknown code of the file solon-projects/solon-web/solon-web-staticfiles/src/main/java/org/noear/solon/web/staticfiles/StaticMappings.java. The manipulation leads to path traversal:...
EulerOS Virtualization 2.13.0 : binutils (EulerOS-SA-2025-2569)
According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the...
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity. "Critical XXE in Apache Tika tika-core 1.13-3.2.1,...
CVE-2025-5555
A vulnerability has been found in Nixdorf Wincor PORT IO Driver up to 1.0.0.1. This affects the function sub_11100 in the library wnport.sys of the component IOCTL Handler. Such manipulation leads to a stack-based buffer overflow. Local access is required to approach this attack. The exploit has bee...