EUVD-2026-25658
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...
CVE-2026-6981
A vulnerability was found in IhateCreatingUserNames2 AiraHub2 up to 3e4b77fd7d48ed811ffe5b8d222068c17c76495e. Affected is the function connectstreamendpoint/syncagents of the file AiraHub.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack ma...
EUVD-2026-25657
A vulnerability was found in IhateCreatingUserNames2 AiraHub2 up to 3e4b77fd7d48ed811ffe5b8d222068c17c76495e. Affected is the function connectstreamendpoint/syncagents of the file AiraHub.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack ma...
CVE-2026-6977 vanna-ai vanna Legacy Flask API improper authorization
A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and ma...
OESA-2026-2057 assimp security update
Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability classified as critic...
OESA-2026-2056 assimp security update
Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was found in Open...
Cesanta Mongoose data forgery vulnerability
Cesanta Mongoose is a set of embedded server libraries developed by the Irish company Cesanta. It includes functions for TCP and HTTP clients and servers, as well as WebSocket clients and servers. Versions of Cesanta Mongoose 7.20 and earlier contained a data manipulation vulnerability. This...
PT-2026-35159
A flaw has been found in Tenda HG10 HG7 HG9 HG10re 300001138 en xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the argument nextHop causes buffer overflow. It is possible to initiate the attack remotely. The...
PT-2026-35158
Name of the Vulnerable Software and Affected Versions: PicoClaw versions prior to 0.2.5. Description: A command injection flaw exists in the Web Launcher Management Plane component. A remote attacker can perform a manipulation via the '/api/gateway/restart' endpoint to execute arbitrary commands...
PT-2026-35157
A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg aes gcm decrypt of the file /src/tls aes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may ...
CVE-2026-31610
A flaw was found in ksmbd, a component of the Linux kernel. A remote, unauthenticated attacker could exploit a flaw in the SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) decode process. This could lead to a memory leak, potentially causing a Denial of Service (DoS) on the affected system...
EUVD-2026-25423
An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Client Balance component...
squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling
A flaw was found in Squid. A remote attacker can exploit a heap Use-After-Free vulnerability when handling ICP (Internet Cache Protocol) traffic. This allows them to perform a reliable and repeatable Denial of Service (DoS) attack, making the Squid service unavailable. This attack is limited to...
CVE-2026-33102
URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-41265
CVE-2026-41265 affects Flowise with the Airtable_Agents class, where the run method evaluates an LLM-generated Python script without proper sandboxing. This allows prompt-injection via chatflows to coax the LLM into returning a malicious Python script that executes attacker-controlled commands on...
GHSA-PQHX-W72W-M393 ntfy.sh allows a remote attacker to execute arbitrary code via the parseActions function
An issue in Ntfy ntfy.sh before v.2.22.0 allows a remote attacker to execute arbitrary code via the parseActions function...
CVE-2026-40879
A flaw was found in Nest, a framework for building scalable Node.js server-side applications. A remote attacker can exploit this vulnerability by sending numerous small, valid JSON (JavaScript Object Notation) messages within a single TCP (Transmission Control Protocol) frame. This action causes the...
CVE-2026-34276
Oracle CPU describes the issue as follows: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker...
GHSA-H57C-V2V3-5V3V verl's math_equal() Vulnerable to Arbitrary Code Execution via Unsafe eval()
A vulnerability was identified in ByteDance verl up to 0.7.1. Affected is the function mathequal of the file primemath/grader.py. The manipulation leads to a sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...
CVE-2026-6878
A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function mathequal of the file primemath/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...