RedhatCVE
added 2026/01/09 8:34 a.m.

CVE-2024-41799

tgstation-server is a production-scale tool for BYOND server management. Prior to 6.8.0, low-permission users holding the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via...

CVSS 9.9, AI score 7.8, EPSS 0.0121
Exploits: 0, References: 1

Positive Technologies
added 2026/01/09 12:00 a.m.

PT-2026-1884

Name of the Vulnerable Software and Affected Versions: Area9 Rhapsode version 1.47.3. Description: Area9 Rhapsode version 1.47.3 is susceptible to SQL Injection through multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary...

CVSS 6.5, AI score 7.9, EPSS 0.00268
Exploits: 0, References: 8

NVD
added 2026/01/08 5:15 p.m.

CVE-2026-21639

A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve remote code execution (RCE) within the affected product. Affected Products: airMAX AC Version 8.7.20 and earlier; airMAX M Version 6.3.22 and earlier; airFiber AF60-XG...

CVSS 5.4, EPSS 0.00269
Exploits: 0, References: 1

CVE
added 2026/01/08 4:14 p.m.

CVE-2026-21639

Summary (CVE-2026-21639): A remote code execution vulnerability exists in multiple Ubiquiti airMAX/airFiber devices due to a flaw in the airMAX Wireless Protocol. Affected products and versions: airMAX AC ≤ 8.7.20, airMAX M ≤ 6.3.22, airFiber AF60-XG ≤ 1.2.2, and airFiber AF60 ≤ 2.6.7. The issue c...

CVSS 5.4, AI score 7.7, EPSS 0.00269
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2026/01/07 9:12 a.m.

CVE-2025-1003

A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability...

CVSS 8.5, AI score 7.4, EPSS 0.00229
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:10 a.m.

CVE-2022-27595

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...

CVSS 7.8, AI score 7.1, EPSS 0.00163
Exploits: 0, References: 1

Positive Technologies
added 2026/01/07 12:00 a.m.

PT-2026-2086

Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.2. Description: iccDEV is a set of libraries and tools for interacting with International Color Consortium (ICC) color management profiles. A Type Confusion issue exists in the CIccProfileXml::ParseBasic function...

CVSS 6.5, AI score 6.5, EPSS 0.00273
Exploits: 1, References: 5

Positive Technologies
added 2026/01/07 12:00 a.m.

PT-2026-1939

Name of the Vulnerable Software and Affected Versions: pnpm versions 6.25.0 through 10.26.2. Description: pnpm is a package manager susceptible to a Command Injection issue when utilizing environment variable substitution within .npmrc configuration files, specifically with tokenHelper settings...

CVSS 7.8, AI score 7.3, EPSS 0.00949
Exploits: 1, References: 11

Positive Technologies
added 2026/01/07 12:00 a.m.

PT-2026-1600

Name of the Vulnerable Software and Affected Versions: WP Enable WebP versions up to and including 1.0. Description: The WP Enable WebP plugin for WordPress has a flaw allowing unauthorized file uploads. This is due to insufficient file type validation within the wpse file and ext webp function...

CVSS 8.8, AI score 7.3, EPSS 0.00433
Exploits: 0, References: 10

Positive Technologies
added 2026/01/07 12:00 a.m.

PT-2026-1622

Name of the Vulnerable Software and Affected Versions: Viitor Button Shortcodes plugin for WordPress versions up to and including 3.0.0. Description: The Viitor Button Shortcodes plugin for WordPress is susceptible to Stored Cross-Site Scripting through the link shortcode attribute. Insufficient inp...

CVSS 6.4, AI score 5.2, EPSS 0.00187
Exploits: 0, References: 5

Positive Technologies
added 2026/01/07 12:00 a.m.

PT-2026-2070

Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.2. Description: iccDEV is a set of libraries and tools used for interacting with, manipulating, and applying ICC color management profiles. A heap buffer overflow exists in the ToneMap parser in versions prior to...

CVSS 7.8, AI score 7.1, EPSS 0.00179
Exploits: 1, References: 9

Amazon
added 2026/01/05 12:00 a.m.

Important: amazon-ecr-credential-helper

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example, a constraint that excludes the subdomain test.example.com does not...

CVSS 7.5, AI score 6.7, EPSS 0.00563
Exploits: 3

Tenable Nessus
added 2026/01/05 12:00 a.m.

Debian dla-4433 : ruby-rmagick - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4433 advisory. Debian LTS Advisory DLA-4433-1 [email protected] https://www.debian.org/lts/security/...

CVSS 5.3, AI score 5.3, EPSS 0.00674
Exploits: 1, References: 4

Positive Technologies
added 2026/01/05 12:00 a.m.

PT-2026-1295

Name of the Vulnerable Software and Affected Versions: Tumult Hype Animations versions through 1.9.11. Description: A flaw exists in Tumult Hype Animations that allows for DOM-Based Cross-Site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The...

CVSS 7.1, AI score 6.2, EPSS 0.00148
Exploits: 0, References: 6

Vulnrichment
added 2026/01/01 6:06 p.m.

CVE-2026-21437 eopkg vulnerable to package file list integrity bypass

eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could include files that are not tracked by eopkg. This requires the installation of a package from a malicious or compromised source. Files in such packages would not be shown by lseopkg and...

CVSS 2, AI score 6.3, EPSS 0.0015
Exploits: 0, References: 4

CVE
added 2025/12/30 4:56 p.m.

CVE-2025-69204

CVE-2025-69204 (ImageMagick): In ImageMagick prior to 7.1.2-12, the WriteSVGImage function used an int to store number_attributes, which caused an integer overflow and a subsequent buffer overflow, enabling a DoS. Affected product/version: ImageMagick before 7.1.2-12. Impact per the description:...

CVSS 7.5, AI score 7, EPSS 0.00524
Exploits: 1, References: 2, Affected Software: 1

Positive Technologies
added 2025/12/30 12:00 a.m.

PT-2025-53897

Name of the Vulnerable Software and Affected Versions: averta Shortcodes and extra features for Phlox theme (auxin-elements) versions through 2.17.12. Description: An authorization issue exists in averta Shortcodes and extra features for Phlox theme (auxin-elements), allowing exploitation due to...

CVSS 4.3, AI score 6.6, EPSS 0.002
Exploits: 0, References: 3

Fedora
added 2025/12/28 12:53 a.m.

[SECURITY] Fedora 42 Update: gdu-5.32.0-1.fc42

Fast disk usage analyzer with console interface written in Go...

CVSS 7.5, AI score 7, EPSS 0.00586
Exploits: 1

Positive Technologies
added 2025/12/28 12:00 a.m.

PT-2025-53647

Name of the Vulnerable Software and Affected Versions: ZSPACE Z4Pro+ version 1.0.0440024. Description: A flaw exists in ZSPACE Z4Pro+ that allows for command injection. The issue is located within the zfilev2 api open function, accessible through the /v2/file/safe/open endpoint of the HTTP POST...

CVSS 6.5, AI score 6.9, EPSS 0.06692
Exploits: 1, References: 8

CVE
added 2025/12/26 6:59 a.m.

CVE-2025-67450

CVE-2025-67450 affects Eaton UPS Companion software due to insecure library loading in the executable. An attacker with access to the software package could perform arbitrary code execution (Local, High impact). The issue is fixed in the latest Eaton EUC version available from the Eaton download ...

CVSS 7.8, AI score 7.4, EPSS 0.00134
Exploits: 0, References: 1, Affected Software: 1
