28672 matches found
CVE-2026-1050
A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to SQL injection. The attack can be...
PT-2026-3516
Name of the Vulnerable Software and Affected Versions: Chainlit versions prior to 2.9.4. Description: Chainlit versions prior to 2.9.4 have a server-side request forgery (SSRF) issue in the /project/element update flow when using the SQLAlchemy data layer backend. An authenticated client can control t...
CVE-2026-22797
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The externaloauth2token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...
PT-2026-3494
Name of the Vulnerable Software and Affected Versions: birkir prime versions prior to 0.4.0.beta.0. Description: A resource consumption issue exists in birkir prime. The issue affects an unknown function within the GraphQL Alias Handler component, specifically through the /graphql file. The attack c...
PT-2026-3443
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in hexpm hexpm/hexpm ('Elixir.HexpmWeb.SharedAuthorizationView' modules) allows Cross-Site Scripting (XSS). This vulnerability is associated with program files lib/hexpm web/views/shared...
OpenProject cross-site scripting vulnerabilities
OpenProject is an open-source web-based project management software. Versions 16.3.0 to 16.6.4 of OpenProject contain cross-site scripting vulnerabilities. These vulnerabilities stem from the lack of escaping of user-controlled sub-project names in the roadmap view, which may lead to...
PT-2026-3515
Name of the Vulnerable Software and Affected Versions: Chainlit versions prior to 2.9.4. Description: Chainlit versions prior to 2.9.4 have an arbitrary file read issue in the /project/element update process. An authenticated client can submit a custom Element with a user-defined path, which causes...
CVE-2022-0188
creationtimestamp | type | source
---|---|---
2026-01-18 19:58:12+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-0188.yaml
2026-01-20 21:03:03+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mcv2l2eb4u2h...
PT-2026-3393
Name of the Vulnerable Software and Affected Versions: PHPGurukul News Portal version 1.0. Description: A security flaw exists in PHPGurukul News Portal that allows for cross-site request forgery. This issue is triggered by manipulating an unknown function and can be exploited remotely. The exploit ...
PT-2026-3392
Name of the Vulnerable Software and Affected Versions: PHPGurukul News Portal version 1.0. Description: An improper authorization issue exists in the Add Sub-Admin Page of PHPGurukul News Portal. This flaw is located in an unknown function within the '/admin/add-subadmins.php' file and allows for...
CVE-2025-13845
CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody...
CVE-2025-13844
CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody...
[SECURITY] Fedora 43 Update: freerdp-3.20.2-1.fc43
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project. xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox...
CVE-2025-67076
Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read...
CVE-2025-67077
File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under certain conditions also guest users, via the UploadTmpFile action...
CVE-2025-67078
Cross-site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors...
CVE-2025-64729 AVEVA Process Optimization Missing Authorization
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files...
EUVD-2026-3109
Malicious code in @servicepoint/vue-project (npm)...
Malicious code in @servicepoint/vue-project (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67e76cc6f33b38c127f7dec1e1fe6fae541e8af99646d66ff411c94a8071a482 The package @servicepoint/vue-project was found to contain malicious code. Source: ghsa-malware...
MAL-2026-260 Malicious code in @servicepoint/vue-project (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67e76cc6f33b38c127f7dec1e1fe6fae541e8af99646d66ff411c94a8071a482 The package @servicepoint/vue-project was found to contain malicious code. Source: ghsa-malware...