28535 matches found
DEBIAN-CVE-2026-8258
A flaw has been found in Squirrel up to 3.2. Impacted is the function validateformat in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was...
PT-2026-39874
Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions prior to 2.28.2 Description Insufficient access control checks in the ProjectUsersAddCommand function used in 'manage proj user add.php' and the 'PUT /project/id/users' API endpoint allow users with manage...
PT-2026-39560
A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. T...
PT-2026-39899
Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions 1.3.0 through 2.28.1 Description An issue exists where an unescaped Project Name allows an attacker with manager or administrator access levels to inject HTML into the Move Attachments admin page. This lead...
PT-2026-39871
A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called...
PT-2026-39601
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrary commands nested inside an allowlisted command like echo. This vulnerability is fixed in 0.229.0...
PT-2026-39875
Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions prior to 2.28.2 Description A Stored Cross-Site Scripting XSS issue exists when cloning an issue from a project other than the current one. The clone form 'bug report page.php' prepends the source project...
EUVD-2026-28946
Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used...
Position: AI Security Policy Should Target Systems, Not Models
We present swarm-attack, an open-source adversarial testing framework in which multiple lightweight LLM agents coordinate through shared memory, parallel exploration, and evolutionary optimization. Together, our results demonstrate that both safety bypass of frontier models and software...
PT-2026-39464
soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...
CVE-2026-45184
Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used...
DEBIAN-CVE-2026-45184
Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used...
CVE-2026-45184
Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used...
UBUNTU-CVE-2026-45184
Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used...
CVE-2026-45184
Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used...
CVE-2026-45184
Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used...
CVE-2026-45184
Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used...
CVE-2026-45184
Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used...
CVE-2026-45184
Kdenlive has a vulnerability in versions prior to 26.04.1 where dangerous proxy parameters can be introduced via an attacker-controlled project file. The issue affects handling of proxies within the project file, with potential impacts to confidentiality and integrity (per CVSS: LOCAL, HIGH impac...
Kdenlive 安全漏洞
Kdenlive is a video editing software from the Kdenlive organization that supports multi-track editing with rich effects processing. A security vulnerability exists in Kdenlive versions prior to 26.04.1 that stems from allowing dangerous proxy parameters when using an attacker-controlled project...