CVE-2026-40295

CVE-2026-40295 affects Devise (Rails/Warden) where FailureApp#redirect_url returns request.referrer for non-GET timeouts, enabling open redirects to attacker-controlled URLs. This occurs in Devise 5.0.3 and earlier and can cause phishing or malware delivery by redirecting expired-session users to...

EUVD-2026-31269

Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0....

CVE-2026-6841

Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0....

[SECURITY] Fedora 43 Update: pdns-5.0.4-1.fc43

The PowerDNS Nameserver is a modern, advanced and high performance authoritative-only name server. It is written from scratch and conforms to all relevant DNS standards documents. Furthermore, PowerDNS interfaces with almost any database...

Fedora 44 : pdns (2026-f416c4ba87)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f416c4ba87 advisory. - Update to 5.0.4 Release notes: https://doc.powerdns.com/authoritative/changelog/5.0.htmlchange-5.0.4 Security advisory:...

EUVD-2026-23486

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdrstatusvector function does not handle the iscargcstring type when decoding an opresponse packet, causing a server crash when one is encountered in the status vector. An...

CVE-2026-28224

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an opcryptkeycallback packet without prior authentication, the portservercryptcallback handler is not initialized, resulting in a null pointer dereference and...

PT-2026-33483

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr status vector function does not handle the isc arg cstring type when decoding an op response packet, causing a server crash when one is encountered in the status vector. An...

Firebird 安全漏洞

Firebird is a set of open-source, cross-platform relational database management systems provided by the Firebird Foundation, which include multiple ANSI SQL-92 functions. Vulnerabilities exist in versions prior to Firebird 5.0.4, 4.0.7, and 3.0.14. These vulnerabilities stem from the Wide type...

Firebird 安全漏洞

Firebird is a set of open-source, cross-platform relational database management systems provided by the Firebird Foundation, offering multiple ANSI SQL-92 features. Vulnerabilities exist in versions prior to Firebird 5.0.4, 4.0.7, and 3.0.14. These vulnerabilities stem from the lack of validation...

CVE-2026-40191

Summary: CVE-2026-40191 affects ClearanceKit on macOS, where the Endpoint Security event handler prior to 5.0.4-beta-1f46165 only validated the source path of dual-path file operations against FAA rules and App Jail policies, ignoring the destination path. As a result, a local process could bypas...

CVE-2026-40191 ClearanceKit has a policy bypass via dual-path Endpoint Security events checking only source path

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization FAA rules and App Jail...

CVE-2024-32537

Cross-Site request forgery CSRF vulnerability in joshuae1974 Flash Video Player allows Cross Site Request Forgery.This issue affects Flash Video Player: from n/a through 5.0.4...

CVE-2024-32537

Cross-Site request forgery CSRF vulnerability in joshuae1974 Flash Video Player allows Cross Site Request Forgery.This issue affects Flash Video Player: from n/a through 5.0.4...

Fortinet FortiSandbox Cloud OS Command Injection Vulnerability

Fortinet FortiSandbox Cloud is a malware sandbox analysis platform from US-based Fiat Fortinet. Fortinet FortiSandbox Cloud version 5.0.4 suffers from an OS command injection vulnerability. The vulnerability stems from improper neutralization of special elements in os commands and can be exploite...

Fortinet FortiSandbox Cloud 操作系统命令注入漏洞

Fortinet FortiSandbox Cloud is a malware sandbox analysis platform from US-based Fiat Fortinet. Fortinet FortiSandbox Cloud version 5.0.4 suffers from an OS command injection vulnerability. The vulnerability stems from improper neutralization of special elements in os commands and can be exploite...

CVE-2025-48723 Qsync Central

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 2026/01/20 and...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003797)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003797 advisory. An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect isizewrite properly, which causes an isizeread infinite loop and denial o...

CVE-2025-14390

Summary: The WordPress Video Merchant plugin (versions

CVE-2025-66083 WordPress WpEvently plugin <= 5.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpEvently: from n/a through = 5.0.4...