CVE-2026-10205 Metasoft 美特软件 MetaCRM upload.jsp unrestricted upload

A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6.4.0. The impacted element is an unknown function of the file develop/systparam/softlogo/upload.jsp. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly an...

CVE-2026-49102

Webmin versions prior to 2.640 are affected by CVE-2026-49102. The issue is an XSS in the mailboxes/detach.cgi component triggered by viewing an SVG document attachment, caused by using image/svg+xml instead of a safe type (e.g., text/plain). Impact is potential cross-site scripting within the ma...

SUSE-SU-2026:1691-1 Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.7.28 fixes various security issues The following security issues were fixed: - CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in etsqdiscchange bsc1258005. - CVE-2026-23004: dst: fix races in...

CVE-2026-6629 Metasoft 美特软件 MetaCRM Interface sql.jsp Statement.executeUpdate sql injection

A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection. The attack can be launched remotely. The exploit has...

PT-2026-28649

Name of the Vulnerable Software and Affected Versions plank/laravel-mediable versions through 6.4.0 Description The software is susceptible to arbitrary file upload when it accepts or prefers a client-supplied MIME type during file upload handling. An attacker can submit a file containing...

Laravel-Mediable 安全漏洞

Laravel-Mediable is a Laravel media file management package developed by Plank. Versions of Laravel-Mediable 6.4.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the application accepting or favoring the MIME types provided by the client when processing file uploads...

CVE-2026-28423

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode which is not the default, the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary...

CVE-2026-27939

Statmatic is a Laravel and Git powered content management system CMS. Starting in version 6.0.0 and prior to version 6.4.0, Authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensiti...

GHSA-RW9X-PXQX-Q789 Statamic allows Authenticated Control Panel users to escalate privileges via elevated session bypass

Impact Authenticated Control Panel users may under certain conditions obtain elevated privileges without completing the intended verification step. This can allow access to sensitive operations and, depending on the user’s existing permissions, may lead to privilege escalation. Patches This has...

PT-2026-22406

Name of the Vulnerable Software and Affected Versions Statmatic versions 6.0.0 through 6.3.9 Description Statmatic is a Laravel and Git powered content management system CMS. Authenticated Control Panel users may, under certain conditions, obtain elevated privileges without completing the intende...

CVE-2025-14510

Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120...

CVE-2025-14510

Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120...

CVE-2025-14510 ABB Ability OPTIMAX Authentication Bypass in Single-Sign On

Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120...

CVE-2025-14510

CVE-2025-14510 affects ABB Ability OPTIMAX: 6.1, 6.2, and 6.3.0 before 6.3.1-251120, 6.4.0 before 6.4.1-251120. Root cause: incorrect implementation of the authentication algorithm, described as an authentication bypass in single sign-on. Administrative/impact details are not expanded beyond the ...

CVE-2025-67876 ChurchCRM has Stored XSS in Group Role Name Leading to Admin Session Hijacking

ChurchCRM is an open-source church management system. A stored cross-site scripting XSS vulnerability exists in ChurchCRM versions 6.4.0 and prior that allows a low-privilege user with the “Manage Groups” permission to inject persistent JavaScript into group role names. The payload is saved in th...

Linux Distros Unpatched Vulnerability : CVE-2025-66019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory...

pypdf 安全漏洞

pypdf is py-pdf open source a free open source pure python PDF library . It is able to split, merge, crop and convert pages of a PDF file. pypdf versions prior to 6.4.0 has a security vulnerability , the vulnerability stems from the LZWDecode filter parsing PDF content streams may lead to excessi...

CVE-2025-66019

pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patch...

CVE-2025-66019 pypdf manipulated LZWDecode streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patch...

SUSE SLES15 Security Update : kernel (Live Patch 11 for SLE 15 SP6) (SUSE-SU-2025:3755-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3755-1 advisory. This update for the Linux Kernel 6.4.0-1506002350 fixes several issues. The following security issues were fixed: - CVE-2025-38678: netfilter:...