CVE-2026-43859

Mutt vulnerability CVE-2026-43859 affects mutt before 2.3.2, where IMAP auth_cram MD5 digest computation may use strfcpy instead of memcpy. Root cause is choosing the wrong string copy function in the digest pathway. Impact (per CVSS 3.1) is Confidentiality: None, Integrity: Low, Availability: No...

CVE-2026-33152 Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration...

CVE-2026-32515 WordPress Miraculous theme < 2.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through 2.1.2...

CVE-2026-32489 WordPress B Blocks plugin < 2.0.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through 2.0.30...

CVE-2026-1632

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...

CVE-2026-24368 WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through 2.8.0...

AZL-74636 CVE-2026-0861 affecting package glibc for versions less than 2.35-9

Passing too large an alignment to the memalign suite of functions memalign, posixmemalign, alignedalloc in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size a...

GHSA-V492-6XX2-P57G Chainlit contains an authorization bypass vulnerability

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...

CVE-2023-4829

Cross-site Scripting XSS - Stored in GitHub repository froxlor/froxlor prior to 2.0.22...

PT-2025-50909

Name of the Vulnerable Software and Affected Versions Simcenter Femap versions prior to 2512 Description An uninitialized memory issue exists in Simcenter Femap. The application is affected when processing specially crafted SLDPRT files, potentially allowing an attacker to execute code within the...

FileRise 跨站脚本漏洞

FileRise is a lightweight, self-hosted web-based file manager by Ryan Personal Developer. A cross-site scripting vulnerability exists in FileRise versions prior to 2.2.3, which stems from improper handling of SVG files and could lead to stored cross-site scripting...

CVE-2025-32446

Summary: CVE-2025-32446 affects Intel QuickAssist Technology (QAT) software prior to version 2.6.0. An untrusted pointer dereference in Ring 3 (User Applications) could allow an attacker with local access and an authenticated, low‑complexity user to escalate privileges and potentially manipulate ...

EUVD-2021-11725

Malware in sbrugna...

EUVD-2023-43737

Malicious code in bioql PyPI...

CVE-2025-41092

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to time records details using unauthorised internal identifiers...

CVE-2025-41091 Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access to calendar details using unauthorised internal identifiers...

CVE-2025-9844

CVE-2025-9844 (Salesforce CLI on Windows) Affected software: Salesforce CLI (Salesforce) on Windows.Root cause: Uncontrolled Search Path Element that can lead to replacement of a trusted executable.Impact: Potential code execution through replacing a trusted executable; CVSS v3.1 base score 8.8 (...

CVE-2025-58450 pREST has Systemic SQL Injection Vulnerability

pREST PostgreSQL REST, is an API that delivers an application on top of a Postgres database. SQL injection is possible in versions prior to 2.0.0-rc3. The validation present in versions prior to 2.0.0-rc3 does not provide adequate protection from injection attempts. Version 2.0.0-rc3 contains a...

CVE-2025-7361

A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI using a CIN node. This vulnerability affects 32-bit NI LabVIEW 2025 Q1...

CVE-2021-24341

When deleting a date in the Xllentech English Islamic Calendar WordPress plugin before 2.6.8, the yearnumber and monthnumber POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection...