PT-2026-32191

Name of the Vulnerable Software and Affected Versions Tenda F451 version 1.0.0.7 cn svn7958 Description A remote stack-based buffer overflow exists in the fromSafeUrlFilter function within the /goform/SafeUrlFilter file. This issue occurs when the page argument is manipulated, allowing an attacke...

PT-2026-32186

Name of the Vulnerable Software and Affected Versions zhatujie chatgpt-on-wechat CowAgent versions up to 2.0.4 Description A flaw exists in the Agent Mode Service component of zhayujie chatgpt-on-wechat CowAgent up to version 2.0.4, allowing for missing authentication. This issue can be exploited...

PT-2026-32153

A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public a...

PT-2026-32129

A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step node/mcp node/impl/base mcp node.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is...

PT-2026-32144

Name of the Vulnerable Software and Affected Versions FoundationAgents MetaGPT versions up to 0.8.1 Description A security flaw exists in FoundationAgents MetaGPT versions up to 0.8.1. The decode image function within the metagpt/utils/common.py file is susceptible to server-side request forgery...

PT-2026-32156

A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has...

PT-2026-32193

Name of the Vulnerable Software and Affected Versions Tenda F451 version 1.0.0.7 cn svn7958 Description A remote stack-based buffer overflow exists in the fromSetIpBind function within the /goform/SetIpBind file. This issue occurs when the page argument is manipulated. A stack-based buffer overfl...

PT-2026-32188

Name of the Vulnerable Software and Affected Versions chatboxai chatbox versions up to 1.20.0 Description A flaw exists in the StdioClientTransport function within the src/main/mcp/ipc-stdio-transport.ts file of the Model Context Protocol Server Management System component. Manipulation of the...

PT-2026-32151

A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be use...

PT-2026-32194

Name of the Vulnerable Software and Affected Versions Tenda F451 version 1.0.0.7 cn svn7958 Description A stack-based buffer overflow can be triggered remotely via the frmL7ImForm function within the '/goform/L7Im' file. This issue occurs through the manipulation of the page argument...

PT-2026-32149

A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install plugin upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack can be executed...

CVE-2026-6105

A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component doInstall Interface. The manipulation leads to improper authorization. The attack may be initiate...

CVE-2026-6106 1Panel-dev MaxKB Public Chat static_headers_middleware.py StaticHeadersMiddleware cross site scripting

A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/staticheadersmiddleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site scripting...

CVE-2026-6106

CVE-2026-6106 affects 1Panel-dev MaxKB

CVE-2026-6105

A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component doInstall Interface. The manipulation leads to improper authorization. The attack may be initiate...

CVE-2026-6105 perfree go-fastdfs-web doInstall InstallController.java improper authorization

A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component doInstall Interface. The manipulation leads to improper authorization. The attack may be initiate...

CVE-2026-6105 perfree go-fastdfs-web doInstall InstallController.java improper authorization

A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component doInstall Interface. The manipulation leads to improper authorization. The attack may be initiate...

OESA-2026-1895 gdk-pixbuf2 security update

gdk is written in C but has been designed from the ground up to support a wide range of languages. It provide a complete set of widgets,and suitable for projects ranging from small one-off tools to complete application suites. Security Fixes: A flaw was found in the gdk-pixbuf library. This...

CVE-2026-5802

A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP Interface. Such manipulation of the argument jarFilePath leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...

CVE-2026-3691

The CVE-2026-3691 entry describes an information disclosure in the OpenClaw Client PKCE verifier within OAuth flows. Affected component is the OpenClaw client’s OAuth authorization implementation, where sensitive data is exposed in the authorization URL query string. This permits remote disclosur...