
252357 matches found

CVE
added 2026/05/19 2:58 a.m., 18 views

CVE-2026-24792

OpenHarmony vulnerability CVE-2026-24792 affects OpenHarmony v6.0 and earlier, involving a race condition in web_webview that allows a remote attacker to achieve arbitrary code execution in pre-installed apps. The description does not specify the exact root cause details, affected files/functions...

CVSS 8.1, AI score 6.3, EPSS 0.00428
Exploits: 0, References: 1
EUVD
added 2026/05/19 2:58 a.m., 20 views

EUVD-2026-30826

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...

CVSS 8.1, AI score 6.3, EPSS 0.00428
Exploits: 0, References: 1
Cvelist
added 2026/05/19 2:58 a.m., 48 views

CVE-2026-24792 web_webview has a Race Condition vulnerability

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...

CVSS 8.1, EPSS 0.00428
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/19 2:58 a.m., 8 views

CVE-2026-24792

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...

CVSS 8.1, AI score 6.3, EPSS 0.00428
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2026/05/19 12:46 a.m., 39 views

CVE-2026-33233 AutoGPT Platform: Remote Code Execution via Unsafe Pickle Deserialization of Redis Cache Entries

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...

CVSS 7.6, EPSS 0.0023
Exploits: 0, References: 2
Vulnrichment
added 2026/05/19 12:46 a.m., 13 views

CVE-2026-33233 AutoGPT Platform: Remote Code Execution via Unsafe Pickle Deserialization of Redis Cache Entries

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with...

CVSS 7.6, AI score 6, EPSS 0.0023
Exploits: 0, References: 2
CVE
added 2026/05/19 12:46 a.m., 24 views

CVE-2026-33233

CVE-2026-33233 affects AutoGPT Platform: older releases (0.6.34–0.6.51) deserialize Redis cache bytes with pickle.loads without integrity checks, while writes use pickle.dumps into Redis. The read path blindly calls pickle.loads on bytes with no HMAC/signature or strict schema validation. An atta...

CVSS 7.6, AI score 6, EPSS 0.0023
Exploits: 0, References: 2
CNNVD
added 2026/05/19 12:0 a.m., 9 views

Jaspersoft Reports Library code issue vulnerability

Jaspersoft Reports Library is a Java report engine developed by Jaspersoft Corporation in the United States. It can generate reports in various formats such as PDF, HTML, Excel, and Word. There is a code vulnerability in Jaspersoft Reports Library, which stems from a Java deserialization issue...

CVSS 8.7, AI score 6.1, EPSS 0.00476
Exploits: 0, References: 1
CNNVD
added 2026/05/19 12:0 a.m., 7 views

Google Chrome resource management error vulnerability

Google Chrome is a web browser developed by Google Inc. In versions prior to 148.0.7778.179, there was a resource management vulnerability that stemmed from the reuse of XR objects after their release. This vulnerability could allow remote attackers to execute arbitrary code through a specially...

CVSS 8.8, AI score 6.2, EPSS 0.00396
Exploits: 0, References: 3
CNNVD
added 2026/05/19 12:0 a.m., 12 views

Sparx Systems Sparx Pro Cloud Server race condition vulnerability

Sparx Pro Cloud Server is a modeling and service platform developed by Sparx Systems in Australia. It supports remote access to model repositories and collaborative management. Versions of Sparx Pro Cloud Server prior to version 6.1 contained a race condition vulnerability. This vulnerability...

CVSS 7.7, AI score 5.9, EPSS 0.00724
Exploits: 1, References: 1
CNNVD
added 2026/05/19 12:0 a.m., 8 views

WordPress plugin Piotnet Forms code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

CVSS 9.8, AI score 6.3, EPSS 0.0081
Exploits: 0, References: 1
CNNVD
added 2026/05/19 12:0 a.m., 8 views

WordPress plugin Piotnet Addons for Elementor Pro code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

CVSS 9.8, AI score 6.3, EPSS 0.00953
Exploits: 2, References: 1
Positive Technologies
added 2026/05/19 12:0 a.m., 12 views

PT-2026-41895

Name of the Vulnerable Software and Affected Versions: Sparx Pro Cloud Server versions 6.1 build 167 and earlier. Description: A race condition exists in the '/data api/dl internal artifact.php' endpoint. The application downloads object properties based on the guid parameter and saves the content i...

CVSS 7.7, AI score 6.2, EPSS 0.00724
Exploits: 1, References: 8
Positive Technologies
added 2026/05/19 12:0 a.m., 11 views

PT-2026-41969

Name of the Vulnerable Software and Affected Versions: Algernon version 1.17.6. Description: An issue exists where the software performs an unbounded upward search for a file named handler.lua when a request is made for a URL path that resolves to a directory without an index file. This search can...

CVSS 9, AI score 6.3, EPSS 0.00437
Exploits: 0, References: 6
Positive Technologies
added 2026/05/19 12:0 a.m., 12 views

PT-2026-41898

Name of the Vulnerable Software and Affected Versions: Apache Camel, affected versions not specified. Description: An unauthenticated attacker can perform message header injection due to missing inbound filtering in the CxfRsHeaderFilterStrategy and Knative HeaderFilterStrategy implementations. This...

CVSS 9.8, AI score 6.4, EPSS 0.01425
Exploits: 0, References: 8
Positive Technologies
added 2026/05/19 12:0 a.m., 19 views

PT-2026-41840

Name of the Vulnerable Software and Affected Versions: Piotnet Addons for Elementor Pro versions prior to 7.1.71. Description: Missing file type validation in the pafe ajax form builder function allows unauthenticated attackers to upload arbitrary files to the server. The plugin employs an incomplet...

CVSS 9.8, AI score 6.2, EPSS 0.00953
Exploits: 2, References: 6
Positive Technologies
added 2026/05/19 12:0 a.m., 14 views

PT-2026-41987

Name of the Vulnerable Software and Affected Versions: Jaspersoft Reports Library, affected versions not specified. Description: A Java deserialization issue exists in the Jaspersoft Reports Library. This flaw can lead to Remote Code Execution (RCE), which is a type of attack where an attacker can...

CVSS 8.7, AI score 6.2, EPSS 0.00476
Exploits: 0, References: 5
Positive Technologies
added 2026/05/19 12:0 a.m., 12 views

PT-2026-42024

Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, allowing an authenticated attacker to read sensitive arbitrary files from the server's filesystem. T...

CVSS 6.8, AI score 6.5, EPSS 0.00621
Exploits: 0, References: 3
CNNVD
added 2026/05/19 12:0 a.m., 10 views

Google Chrome resource management error vulnerability

Google Chrome is a web browser developed by Google Inc. In versions prior to 148.0.7778.179, there was a resource management vulnerability that stemmed from the reuse of GPU resources after they were released. This vulnerability could allow remote attackers to execute arbitrary code within a...

CVSS 8.8, AI score 6.2, EPSS 0.00396
Exploits: 0, References: 3
CNNVD
added 2026/05/19 12:0 a.m., 7 views

Scalar security vulnerability

Scalar is an interactive API documentation and testing tool developed by Scalar OpenSource. Version 0.1.13 of Scalar contains a security vulnerability. This vulnerability stems from an arbitrary file upload vulnerability in the scalarurl query parameter of the Scalar Proxy endpoint, which could...

CVSS 9.8, AI score 6.2, EPSS 0.00526
Exploits: 0, References: 2