
222284 matches found

CNNVD
added 2026/02/27 12:0 a.m., 5 views

openDCIM Security Vulnerability

openDCIM is an open-source data center inventory management (DCIM) application. Version 23.04 of openDCIM contains a security vulnerability. This vulnerability stems from the lack of authorization checks in the install.php and container-install.php files, which may allow unauthorized application...

CVSS 9.3, AI score 5.8, EPSS 0.01157
Exploits: 3, References: 9
Positive Technologies
added 2026/02/27 12:0 a.m., 2 views

PT-2026-22319

The Simple Download Monitor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVSS 6.4, AI score 6, EPSS 0.00197
Exploits: 0, References: 5
Positive Technologies
added 2026/02/27 12:0 a.m., 3 views

PT-2026-22396

Name of the Vulnerable Software and Affected Versions: Kiteworks versions prior to 9.2.0. Description: Kiteworks Email Protection Gateway contains a flaw that allows authenticated administrators to inject malicious scripts through a configuration interface. These scripts execute when users interact...

CVSS 8.1, AI score 6, EPSS 0.00331
Exploits: 0, References: 6
Positive Technologies
added 2026/02/27 12:0 a.m., 5 views

PT-2026-22425

Name of the Vulnerable Software and Affected Versions: openDCIM version 23.04 through commit 4467e9c4. Description: The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. This allows any authenticated user to access the functionality...

CVSS 9.3, AI score 5.8, EPSS 0.01157
Exploits: 3, References: 18
OSV
added 2026/02/26 11:2 p.m., 4 views

CLSA-2026-1771855894 python-virtualenv: Fix of CVE-2024-53899

CVE-2024-53899: Quote template strings in activation scripts...

CVSS 8.4, AI score 5.8, EPSS 0.01526
Exploits: 1, References: 1
Vulnrichment
added 2026/02/26 10:59 p.m., 2 views

CVE-2026-28279 `osctrl-admin` Vulnerable to OS Command Injection via Environment Configuration

osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...

CVSS 7.3, AI score 6.7, EPSS 0.009
Exploits: 0, References: 3
ATTACKERKB
added 2026/02/26 10:59 p.m., 4 views

CVE-2026-28279

osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...

CVSS 8.4, AI score 8, EPSS 0.009
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2026/02/26 8:43 p.m., 3 views

RLSA-2026:3187 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: net/url: Memory exhaustion in query parameter parsing in net/url...

CVSS 7.5, AI score 5.6, EPSS 0.00789
Exploits: 1, References: 3
CVE
added 2026/02/26 6:56 p.m., 11 views

CVE-2026-27510

CVE-2026-27510 affects Unitree Go2 firmware 1.1.7–1.1.11 with the Go2 Android app (com.unitree.doggo2). The issue is remote code execution due to missing integrity protection and validation of user-created programs. The Android app stores programs in a local SQLite database (unitree_go2.db, table...

CVSS 9.6, AI score 6.6, EPSS 0.00292
Exploits: 1, References: 3, Affected Software: 1
RedHat Linux
added 2026/02/26 3:21 p.m., 7 views

Valkey: Valkey: Data tampering and denial of service via improper null character handling in Lua scripts

A flaw was found in Valkey, a distributed key-value database. A malicious user can exploit this vulnerability by using scripting commands to inject arbitrary information into the response stream. This is caused by improper handling of null characters in the error handling code for Lua scripts...

CVSS 8.5, AI score 5.9, EPSS 0.00415
Exploits: 0, References: 5
Cvelist
added 2026/02/26 12:53 a.m., 19 views

CVE-2026-27900 Terraform Provider Debug Logs Vulnerable to Sensitive Information Exposure

The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are...

CVSS 5, EPSS 0.00469
Exploits: 0, References: 4
CNNVD
added 2026/02/26 12:0 a.m., 5 views

Google Cloud Vertex AI Workbench Security Vulnerability

Google Cloud Vertex AI Workbench is a cloud-based integrated development environment provided by Google, Inc. There is a security vulnerability in Google Cloud Vertex AI Workbench, which allows attackers to exploit the built-in startup scripts to steal valid Google Cloud access tokens from other...

CVSS 8.4, AI score 5.8, EPSS 0.00247
Exploits: 0, References: 1
ATTACKERKB
added 2026/02/25 10:58 p.m., 6 views

CVE-2026-27613

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i...

CVSS 10, AI score 6.4, EPSS 0.00748
Exploits: 0, References: 5, Affected Software: 1
EUVD
added 2026/02/25 9:31 p.m., 3 views

EUVD-2026-8720

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain circumstances, could have allowed an unauthenticated user to inject arbitrary scripts into the Mermaid sandbox UI...

CVSS 8, AI score 5.6, EPSS 0.00309
Exploits: 0, References: 4
Positive Technologies
added 2026/02/25 12:0 a.m., 3 views

PT-2026-21993

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.2 through 18.7.4; GitLab CE/EE versions 18.8 through 18.8.4; GitLab CE/EE versions 18.9 through 18.9.0. Description: A flaw exists in GitLab CE/EE that, under specific conditions, could allow an unauthenticated user to...

CVSS 8, AI score 5.4, EPSS 0.00309
Exploits: 0, References: 9
Drupal
added 2026/02/25 12:0 a.m., 11 views

Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017

This module enables you to easily theme and build an entire website using only your browser, without the need to write code beyond basic JSX and CSS. Content creators are able to compose content on any part of the page without relying on developers. The project has a hidden sub-module, Drupal...

CVSS 5, AI score 5.6, EPSS 0.00287
Exploits: 0, References: 2
GithubExploit
added 2026/02/24 6:25 p.m., 156 views

ai-security-toolkit

...

AI score 5.9
Exploits: 0
Cvelist
added 2026/02/24 5:14 p.m., 20 views

CVE-2026-25603 Path Traversal vulnerability in Linksys MR9600, Linksys MX4200

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context o...

EPSS 0.00256
Exploits: 1, References: 1
EUVD
added 2026/02/24 1:33 p.m., 3 views

EUVD-2026-8446

Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability affects Firefox for iOS 147.4...

AI score 5.3, EPSS 0.00308
Exploits: 0, References: 2
Debian CVE
added 2026/02/24 1:33 p.m., 5 views

CVE-2026-2634

Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability was fixed in Firefox for iOS 147.4...

CVSS 9.8, AI score 5.2, EPSS 0.00308
Exploits: 0