PT-2026-51002

Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.6.0 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The library fetches content of option values server-side using the file get contents function when a value is...

EUVD-2026-36305

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script...

CVE-2026-33273

Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, an arbitrary file may be created by an administrator of the product. As a result, arbitrary code may be executed on the server...

CVE-2026-45701

Sulu is an open-source PHP content management system based on the Symfony framework. Prior to versions 2.6.23 and 3.0.6, the password reset tokenand API key generation uses a weak cryptographical hash algorithm. This issue has been patched in versions 2.6.23 and 3.0.6...

EUVD-2026-33664

Sulu is an open-source PHP content management system based on the Symfony framework. Prior to versions 2.6.23 and 3.0.6, the password reset tokenand API key generation uses a weak cryptographical hash algorithm. This issue has been patched in versions 2.6.23 and 3.0.6...

CLEANSTART-2026-AD27625 Security fixes for CVE-2022-25881, CVE-2022-33987, CVE-2025-25285, CVE-2025-62718, CVE-2025-69873, CVE-2026-21637, CVE-2026-23745, CVE-2026-24842, CVE-2026-26960, CVE-2026-2950, CVE-2026-29786, CVE-2026-31802, CVE-2026-33036, CVE-2026-33349, CVE-2026-33750, CVE-2026-33916, CVE-2026-33937, CVE-2026-41650, CVE-2026-4800, CVE-2026-4923, CVE-2026-4926, ghsa-23c5-xmqv-rm74, ghsa-2qvq-rjwj-gvw9, ghsa-2w6w-674q-4c4q, ghsa-3mfm-83xf-c92r, ghsa-3p68-rc4w-qgx5, ghsa-3ppc-4f35-3m26, ghsa-3v7f-55p6-f55p, ghsa-442j-39wm-28r2, ghsa-48c2-rrv3-qjmp, ghsa-72xf-g2v4-qvf3, ghsa-7r86-cg39-jmmj, ghsa-7rx3-28cr-v5wh, ghsa-9cx6-37pm-9jff, ghsa-c2c7-rcm5-vvqj, ghsa-chqc-8p9q-pq6q, ghsa-f23m-r3pf-42rh, ghsa-f886-m6hf-6m8v, ghsa-gh4j-gqv2-49f6, ghsa-j3q9-mxjg-w52f, ghsa-pfrx-2q88-qq97, ghsa-r5fr-rjxr-66jc, ghsa-rc47-6667-2j5j, ghsa-rmvr-2pp2-xj38, ghsa-rp42-5vxx-qpwr, ghsa-w5hq-g745-h8pq, ghsa-xhpv-hc6g-r9c6, ghsa-xjpj-3mr7-gcpf applied in versions: 2.6.0-r1, 2.6.0-r2, 2.6.0-r3, 2.6.0-r4

Multiple security vulnerabilities affect the mongosh package. These issues are resolved in later releases. See references for individual vulnerability details...

PT-2026-41635

Name of the Vulnerable Software and Affected Versions Feeds for YouTube versions prior to 2.6.4 Description A missing capability check in the actions function allows users with subscriber privileges or higher to unauthorizedly modify or delete the plugin license key. Recommendations Update to...

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.6.11 security update

The multicluster engine for Kubernetes 2.6 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.6 images The multicluster engine for Kubernetes provides the foundational components that are...

CVE-2026-44484

PyTorch Lightning PyPI package versions 2.6.2 and 2.6.3 have been compromised, introducing functionality consistent with a credential harvesting mechanism. This is reflected across CVE-2026-44484 and associated advisories (GHSA-w37p-236h-pfx3; OSV). The root cause is under investigation; affected...

PyTorch Lightning 安全漏洞

PyTorch Lightning is an open-source deep learning model pre-training and fine-tuning framework developed by Lightning AI. Version 2.6.2 and 2.6.2 of PyTorch Lightning contain security vulnerabilities, which stem from the introduction of features similar to those used in credential collection...

PyTorch Lightning load_from_checkpoint has an insecure checkpoint deserialization

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

CVE-2026-43983 Pocket ID: OIDC refresh token flow bypasses authorization revocation, account disabling, and group restrictions

Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.6.0, The createTokenFromRefreshToken function oidcservice.go validates the refresh token's cryptographic integrity but does not re-validate the user's current authorization state befor...

CVE-2026-42286

Emlog is an open source website building system. Prior to version 2.6.11, missing CSRF protection in critical admin functions allows attackers to trick authenticated administrators into performing unauthorized actions like system registration, plugin management, and configuration changes. This...

PT-2026-40098

Null pointer dereference for some IntelR QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result...

Intel QAT software drivers for Windows 输入验证错误漏洞

Intel QAT software drivers for Windows are a set of encryption and compression hardware acceleration drivers for the Windows platform developed by Intel Corporation. The version 2.6 of Intel QAT software drivers for Windows contained a vulnerability related to input validation errors. This...

CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cowsse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefixlines/2 function...

CVE-2026-42286

The CVE-2026-42286 entry concerns Emlog, an open source website building system. Affected versions prior to 2.6.11 lack CSRF protection in critical admin functions, enabling an attacker to coerce authenticated admins into actions such as system registration, plugin management, and configuration c...

PT-2026-39203

Name of the Vulnerable Software and Affected Versions Emlog versions prior to 2.6.11 Description Direct SQL injection in article creation and update functions allows attackers to execute arbitrary SQL commands. This can lead to complete database compromise, data theft, or system destruction...

GHSA-W37P-236H-PFX3 Compromise of PyTorch Lightning PyPi Package Versions

Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions Published: 2026-04-30 Last Updated: 2026-05-12 Github Advisory: CVE-2026-44484 We have identified a security incident affecting certain versions of one of our PyPI packages. What happened We have determined that one or more...

PT-2026-38407

Name of the Vulnerable Software and Affected Versions PyTorch Lightning versions 2.6.2 through 2.6.3 Description PyTorch Lightning, a deep learning framework used to pretrain and finetune AI models, contains compromised versions that include malicious code. This code introduces functionality...