CVE-2026-44264
Weblate (localization tool) is affected by an XSS in Markdown rendering prior to version 5.17.1, where user-submitted content in comments and other fields did not sanitize some attributes. The root cause is insufficient sanitization in the Markdown renderer. A fix was released in Weblate 5.17.1 (...
Astra Linux - vulnerability in linux, linux-5.10
A memory flaw after deallocation was discovered in the Linux kernel’s garbage collection for Unix domain socket file handlers. This flaw occurs when users call close and fget simultaneously, potentially triggering a race condition. This flaw allows a local user to crash the system or escalate the...
CVE-2026-40491 gdown Affected by Arbitrary File Write via Path Traversal in gdown.extractall
gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP or TAR archive, the library fails to sanitize or validate the filenames of the archive members...
CVE-2026-33435
Weblate: Remote code execution during project backup restoration in versions prior to 5.17 due to backups not filtering Git/Mercurial config files. Fixed in 5.17. Remediation: upgrade to 5.17+ or restrict access to backups (backups are only accessible to users who can create projects).
CVE-2026-33435
Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circumstances. This issue has been fixed in version 5.17. If developers are unable to update...
Weblate security vulnerability
Weblate is an open-source, copyleft, web-based free software system for continuous localization. A security vulnerability existed in versions of Weblate prior to 5.17. This vulnerability stemmed from a machine translation service URL that could be configured by users with the project.edit...
CVE-2026-28775
An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver. The deployment insecurely provisions the private SNMP community string with read/write access by default. Because the SNMP age...
Dell Wyse Management Suite WMS code issue vulnerability
Dell Wyse Management Suite WMS is a cloud-based and on-premise management platform developed by the American company Dell. It is used for centralized management of Wyse lightweight terminal devices, supporting features such as remote configuration, firmware updates, and security policy management...
Zyxel EX3510-B0 operating system command injection vulnerability
The Zyxel EX3510-B0 is a security routing gateway developed by the Chinese company Zyxel. Versions of the Zyxel EX3510-B0 prior to 5.17ABUP.15.1C0 contain an operating system command injection vulnerability. This vulnerability stems from the UPnP feature’s susceptibility to command injections,...
QNAP Qsync Central code issue vulnerability
QNAP Qsync Central is a cloud-based file synchronization service for NAS devices provided by QNAP Technology Co., Ltd. Versions of QNAP Qsync Central prior to 5.0.0.4 contained a code vulnerability caused by a null pointer dereferencing, which could allow remote attackers to launch a...
Blesta code issue vulnerability
Blesta is a customer relationship management system developed by Blesta Inc. Versions of Blesta prior to 5.13.3 contained a code vulnerability caused by object injection...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004225)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004225 advisory. A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004471)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004471 advisory. A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel,...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004088)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004088 advisory. An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2usb.c driver...
CVE-2025-34262
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devices/name/agentid endpoint. When an authenticated user renames a device, the newname value is stored and later rendered in device listings or detail views without proper...
CVE-2025-34259
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/building endpoint. When an authenticated user creates a map entry, the name parameter is stored and later rendered in the map list UI without HTML sanitization. An...
CVE-2025-66514 Nextcloud Mail stored HTML injection in subject text
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. JavaScript was correctly blocked by the content security policy of the...
CVE-2025-34261 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via devicegroups/
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicegroups/ endpoint. When an authenticated user creates a device group, the name and description values are stored and later rendered in device group listings without...
Advantech WISE-DeviceOn Server cross-site scripting vulnerability
Advantech WISE-DeviceOn Server is Advantech's next-generation unified device management solution based on the WISE-DeviceOn platform. Advantech WISE-DeviceOn Server suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied...
CVE-2021-47695
CVE-2021-47695 affects Nagios XI