
27 matches found

Positive Technologies
added 2026/05/12 12:0 a.m. · 7 views

PT-2026-40315

Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0...

CVSS 8.6 · AI score 6 · EPSS 0.00022
Exploits 0 · References 6

OSV
added 2026/04/02 5:16 p.m. · 3 views

DEBIAN-CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

CVSS 8.1 · AI score 5.2 · EPSS 0.00067
Exploits 0 · References 1

NVD
added 2026/04/02 5:16 p.m. · 0 views

CVE-2026-35387

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...

CVSS 6.5 · EPSS 0.00061
Exploits 0 · References 3

UbuntuCve
added 2026/04/02 5:16 p.m. · 1 views

CVE-2026-35387

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms...

CVSS 6.5 · AI score 5.9 · EPSS 0.00061
Exploits 0 · References 3

CNNVD
added 2026/04/02 12:0 a.m. · 2 views

OpenSSH Security Vulnerability

OpenSSH (OpenBSD Secure Shell) is a set of open-source tools developed by OpenBSD in Canada, designed for secure access to remote computers. This tool is an open-source implementation of the SSH protocol, supporting encryption of all transmissions. It effectively prevents eavesdropping, connection...

CVSS 2.5 · AI score 5.9 · EPSS 0.00017
Exploits 0 · References 3

Atlassian
added 2026/03/04 6:29 p.m. · 14 views

DoS (Denial of Service) glob-parent Dependency in Jira Software Data Center

This High severity DoS (Denial of Service) vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, and 11.2.0 of Jira Software Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector o...

CVSS 7.5 · AI score 5.7 · EPSS 0.00964
Exploits 1

Cvelist
added 2026/02/04 9:31 p.m. · 27 views

CVE-2026-25537 jsonwebtoken has Type Confusion that leads to potential authorization bypass

jsonwebtoken is a JWT lib in Rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type (like a String instead of a Number), the library’s...

CVSS 6.9 · EPSS 0.00042
Exploits 1 · References 2

Atlassian
added 2026/01/08 11:27 p.m. · 17 views

DoS (Denial of Service) ansi-regex Dependency in Jira Software Data Center and Server

This High severity DoS (Denial of Service) vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.1.1, 10.3.13, 11.2.0 of Jira Software Data Center and Server. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of code:java...

CVSS 7.8 · AI score 8.1 · EPSS 0.00215
Exploits 1

CVE
added 2025/12/09 2:52 p.m. · 9 views

CVE-2025-63054

CVE-2025-63054 is a Missing Authorization issue in WordPress plugin Quiz And Survey Master (QSM) – Quiz Master Next. The vulnerability arises from incorrectly configured access control, enabling unauthorized access due to insufficient authorization checks. Affected software: Quiz And Survey Maste...

CVSS 5.3 · AI score 5.9 · EPSS 0.00013
Exploits 0 · References 1

EUVD
added 2025/11/27 12:30 p.m. · 2 views

EUVD-2025-199821

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking: = 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue...

AI score 6 · EPSS 0.00258
Exploits 0 · References 3

VulnCheck KEV
added 2025/11/19 12:0 a.m. · 24 views

VulnCheck KEV: CVE-2025-1302

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...

CVSS 9.8 · AI score 6 · EPSS 0.92707
In wild · Exploits 8 · References 73

CNNVD
added 2025/11/12 12:0 a.m. · 1 views

Ozeki SMS Gateway Security Vulnerability

Ozeki SMS Gateway is an SMS gateway from Ozeki UK. A security vulnerability exists in Ozeki SMS Gateway version 10.3.208 and earlier, which stems from a path traversal issue that could lead to the disclosure of sensitive information...

CVSS 8.7 · AI score 8.8 · EPSS 0.17643
Exploits 0 · References 4

CVE
added 2025/10/29 8:38 a.m. · 8 views

CVE-2025-64216

CVE-2025-64216 is a Local File Inclusion vulnerability in WordPress theme SmartMag (versions

CVSS 7.5 · AI score 6.7 · EPSS 0.00117
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-28135

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.6 · EPSS 0.00208
Exploits 0 · References 4

CNNVD
added 2025/07/29 12:0 a.m. · 1 views

WordPress plugin YouTube Embed Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4 · AI score 5.8 · EPSS 0.00164
Exploits 0 · References 2

Positive Technologies
added 2024/01/24 12:0 a.m. · 3 views

PT-2024-5030 · Artifex +4 · Artifex Ghostscript +4

Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions prior to 10.03.0 Description: The issue is related to a heap-based overflow when the PDFPassword parameter has a 000 byte in the middle, which can be exploited by a remote attacker to cause a denial of service...

CVSS 8.8 · AI score 6 · EPSS 0.21677
Exploits 9 · References 84

CNNVD
added 2023/03/14 12:0 a.m. · 3 views

Sitecore Code Issue Vulnerability

Sitecore is an online marketing content management system (CMS) from Sitecore, Denmark. The system supports content editing, multiple languages, multi-site deployment, digital asset management and more. A security vulnerability exists in Sitecore XP/XM version 10.3, which stems from the presence of...

CVSS 7.2 · AI score 7.5 · EPSS 0.17524
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 4:3 a.m. · 1 views

SUSE CVE-2020-5968

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed by using an index or pointer, such as memory or files, which may lead to code execution, denial ...

CVSS 7.8 · AI score 7.8 · EPSS 0.0006
Exploits 0 · References 3

Positive Technologies
added 2023/01/13 12:0 a.m. · 3 views

PT-2023-19046 · Microsoft +1 · Outlook +1

Name of the Vulnerable Software and Affected Versions: Axigen version 10.3.3.52 Description: A 2-Step Verification issue allows an attacker to access a mailbox by bypassing 2-Step Verification when trying to add an account to any third-party webmail service with IMAP or POP3 without any...

CVSS 9.8 · AI score 7.2 · EPSS 0.00704
Exploits 0 · References 8

OSV
added 2022/09/14 6:15 p.m. · 1 views

CVE-2022-2277

An Improper Input Validation vulnerability in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is requested to forward any data item updates with timestamps too distant in the future to any remote ICCP...

CVSS 7.5 · AI score 5.8 · EPSS 0.00433
Exploits 0 · References 2