CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2...

CVE-2026-24574

Cross-Site Request Forgery CSRF vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery. This issue affects Export WP Page to Static HTML/CSS: from n/a through 6.0.0...

UBUNTU-CVE-2026-41074

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery CSRF vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that...

EUVD-2026-31506

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery CSRF vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that...

CVE-2026-28751

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...

CVE-2026-27648

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...

CVE-2026-25781

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered...

CVE-2026-27781

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...

EUVD-2026-30834

in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution...

CVE-2026-27766 multimedia_audio_framework has a Race Condition vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak...

CVE-2026-25850

in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak...

EUVD-2026-30831

in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak...

EUVD-2026-30832

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered...

OpenHarmony 缓冲区错误漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contained a buffer error vulnerability. Attackers could exploit this vulnerability to cause denial-of-service attacks that were irreversible...

Revive Adserver: PHP code injection via unexpected delivery limitation parameter

A vulnerability was reported in Revive Adserver 6.0.6 and earlier versions where user input was not properly validated when saving delivery limitations. This allowed a low-privileged user to inject malicious PHP code into the compiledlimitations field, which could then be executed during banner...

CVE-2026-42444

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...

SUSE-SU-2026:21547-1 Security update for strongswan

This update for strongswan fixes the following issues: Update to version 6.0.6 jscPED-16145. Security issued fixed: - CVE-2026-35328: infinite loop when handling supported versions TLS extension bsc1261712. - CVE-2026-35329: NULL pointer dereference when processing padding in PKCS7 bsc1261717. -...

CVE-2026-40323

SP1 is a zero‑knowledge virtual machine that proves the correct execution of programs compiled for the RISC-V architecture. In versions 6.0.0 through 6.0.2, a soundness vulnerability in the SP1 V6 recursive shard verifier allows a malicious prover to construct a recursive proof from a shard proof...

CVE-2026-32272

Craft Commerce is an ecommerce platform for Craft CMS. In versions 5.0.0 through 5.5.4, an SQL injection vulnerability exists where the ProductQuery::hasVariant and VariantQuery::hasProduct properties bypass the input sanitization blocklist added to ElementIndexesController in a prior security fi...

DEBIAN-CVE-2026-4277

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged POST data in GenericInlineModelAdmin. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...