
18772 matches found

EUVD
added 2026/05/24 10:0 a.m. | 6 views

EUVD-2026-31586

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is...

CVSS 7.5 | AI score 6.7 | EPSS 0.00053
Exploits: 0 | References: 5

EUVD
added 2026/05/24 12:30 a.m. | 7 views

EUVD-2026-31559

A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument submit-url can lead to buffer overflow. The attack may be performed from remote. The exploit has bee...

CVSS 9 | AI score 7.5 | EPSS 0.00048
Exploits: 0 | References: 5

Vulnrichment
added 2026/05/24 12:30 a.m. | 5 views

CVE-2026-9346 Edimax EW-7438RPn webs formWirelessTbl buffer overflow

A flaw has been found in Edimax EW-7438RPn up to 1.31. This impacts the function formWirelessTbl of the file /goform/formWirelessTbl of the component webs. Executing a manipulation of the argument submit-url can lead to buffer overflow. The attack may be performed from remote. The exploit has bee...

CVSS 9 | AI score 6 | EPSS 0.00048
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/24 12:0 a.m. | 8 views

PT-2026-42933

A flaw has been found in ItzCrazyKns Vane up to 1.12.1. This vulnerability affects unknown code of the file src/app/api/providers/route.ts of the component Model Provider API. This manipulation of the argument baseURL causes server-side request forgery. Remote exploitation of the attack is...

CVSS 7.5 | AI score 6.7 | EPSS 0.00053
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/24 12:0 a.m. | 8 views

PT-2026-42924

A flaw has been found in projectworlds Online Art Gallery Shop 1.0. Impacted is an unknown function of the file /admin/adminHome.php. Executing a manipulation of the argument social linked can lead to SQL injection. The attack can be executed remotely. The exploit has been published and may be us...

CVSS 7.5 | AI score 6.9 | EPSS 0.00037
Exploits: 0 | References: 4

Positive Technologies
added 2026/05/24 12:0 a.m. | 8 views

PT-2026-42971

Name of the Vulnerable Software and Affected Versions: Edimax BR-6675nD version 1.12. Description: A flaw in the POST Request Handler component allows for remote command injection. The issue exists within the formUSBStorage function located in the '/goform/formUSBStorage' endpoint. An attacker can...

CVSS 6.5 | AI score 6.7 | EPSS 0.01409
Exploits: 0 | References: 5

NVD
added 2026/05/23 11:16 a.m. | 6 views

CVE-2026-9299

A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memory corruption. Remote exploitation of the attack is possible. The exploit has been published and m...

CVSS 6.5 | EPSS 0.00052
Exploits: 0 | References: 6

Snyk
added 2026/05/22 3:45 p.m. | 13 views

Arbitrary Command Injection

Overview: org.webjars.npm:shell-quote is a package used to quote and parse shell commands. Affected versions of this package are vulnerable to Arbitrary Command Injection via the quote function when object-token inputs containing line terminators \n, \r, U+2028, U+2029 in the .op field are not...

CVSS 9.2 | AI score 6.1 | EPSS 0.00068
Exploits: 0 | References: 2

Snyk
added 2026/05/22 1:14 p.m. | 11 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure in the distributed pixel cache process. An attacker can gain unauthorized access to sensitive information by connecting to the server without authentication. Remediation: A fix was pushed into the master branch but n...

CVSS 6.9 | AI score 5.8
Exploits: 0 | References: 2

CNNVD
added 2026/05/22 12:0 a.m. | 4 views

Mattermost Security Vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...

CVSS 6.5 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 1

Snyk
added 2026/05/21 8:39 p.m. | 11 views

Insufficient Session Expiration

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Insufficient Session Expiration through the ApiToken delete path in the token management code. An attacker can keep using a deleted API token by deleting it while the cache entry remains keyed under the token value,...

CVSS 6.3 | AI score 5.8
Exploits: 0 | References: 2

Circl
added 2026/05/21 3:3 p.m. | 3 views

CVE-2026-42568

creationtimestamp | type | source
---|---|---
2026-05-21 15:03:27+00:00 | published-proof-of-concept | https://github.com/yamcs/yamcs/security/advisories/GHSA-cqh3-jg8p-336j
2026-05-29 15:00:15+00:00 | seen | Telegram/a86W4JR7O--z7UEFDSjPGooPu8cJg6Qw5misZZ2a8xOkaUM
2026-05-29 21:00:04+00:00 | seen | ...

AI score 5.8
Exploits: 2 | References: 1

ATTACKERKB
added 2026/05/20 9:28 a.m. | 9 views

CVE-2026-6728

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.9 via the 'getstreamdata' function. This makes it possible for unauthenticated attackers to extract sensitive data including published password-protected post, page, an...

CVSS 5.3 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 3

Snyk
added 2026/05/19 9:51 p.m. | 5 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the overlay process. An attacker can cause a crash or potentially access sensitive memory contents by providing a crafted HEIF file that triggers incorrect indexing into the alpha buffer during image compositing...

CVSS 7.1 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | References: 2

Circl
added 2026/05/19 6:34 p.m. | 5 views

CVE-2026-43945

creationtimestamp | type | source
---|---|---
2026-05-19 18:34:17+00:00 | published-proof-of-concept | https://github.com/frangoteam/FUXA/security/advisories/GHSA-p69w-mmfv-xrfj...

AI score 5.8
Exploits: 0 | References: 1

Fedora
added 2026/05/19 4:20 p.m. | 13 views

[SECURITY] Fedora 44 Update: rust-ingredients-0.2.2-4.fc44

Check ingredients of published Rust crates...

CVSS 9.8 | AI score 5.8 | EPSS 0.00158
Exploits: 0

Fedora
added 2026/05/19 4:1 p.m. | 9 views

[SECURITY] Fedora 43 Update: rust-ingredients-0.2.2-4.fc43

Check ingredients of published Rust crates...

CVSS 9.8 | AI score 5.8 | EPSS 0.00158
Exploits: 0

Circl
added 2026/05/19 6:34 a.m. | 5 views

CVE-2026-47396

creationtimestamp | type | source
---|---|---
2026-05-19 06:34:59+00:00 | published-proof-of-concept | https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-86qc-r5v2-v6x6...

AI score 5.8
Exploits: 0 | References: 1

Circl
added 2026/05/19 1:15 a.m. | 5 views

CVE-2026-47268

creationtimestamp | type | source
---|---|---
2026-05-19 01:15:10+00:00 | published-proof-of-concept | https://github.com/nezhahq/nezha/security/advisories/GHSA-6x26-5727-rrm9...

AI score 5.8
Exploits: 0 | References: 1

Snyk
added 2026/05/18 8:37 p.m. | 4 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write in the JP2 encoder. An attacker can cause a single-byte heap buffer overwrite by specifying certain options. Remediation: A fix was pushed into the master branch but not yet published. References: - GitHub Advisory -...

CVSS 5.1 | AI score 5.9
Exploits: 0 | References: 3