
53 matches found

CVE
added 2026/06/11 8:46 p.m., 925 views

CVE-2026-44249

Netty CVE-2026-44249 details a subnet filter bypass in netty-handler due to an incorrect masking operation in IpSubnetFilterRule.compareTo(). Affected are Netty versions prior to 4.1.135.Final and 4.2.15.Final. An attacker could bypass IPv6 subnet restrictions, allowing valid public IPs to bypass...

CVSS 8.1 | AI score 5.4 | EPSS 0.00407
Exploits 0 | References 3 | Affected Software 1
EUVD
added 2026/06/01 9:4 a.m., 11 views

EUVD-2026-33613

SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 Missing...

CVSS 8.8 | AI score 5.8 | EPSS 0.00447
Exploits 0 | References 2
CBLMariner
added 2026/05/18 8:36 p.m., 15 views

CVE-2026-33523 affecting package httpd for versions less than 2.4.67-1

CVE-2026-33523 affecting package httpd for versions less than 2.4.67-1. An upgraded version of the package is available that resolves this issue...

CVSS 6.5 | AI score 5.8 | EPSS 0.00436
Exploits 0
NVD
added 2026/05/12 10:16 a.m., 20 views

CVE-2026-33893

A vulnerability has been identified in Teamcenter V2312 All versions V2312.0014, Teamcenter V2406 All versions V2406.0012, Teamcenter V2412 All versions V2412.0009, Teamcenter V2506 All versions V2506.0005, Teamcenter V2512 All versions. The affected application contains hardcoded key which is us...

CVSS 8.7 | EPSS 0.00287
Exploits 0 | References 1
Positive Technologies
added 2026/04/24 12:0 a.m., 5 views

PT-2026-35047

Name of the Vulnerable Software and Affected Versions: Axios versions 1.0.0 through 1.15.0. Description: The FormDataPart constructor in lib/helpers/formDataToStream.js interpolates the value.type property directly into the Content-Type header of each multipart part without sanitizing CRLF carriage...

CVSS 5.3 | AI score 5.9 | EPSS 0.0024
Exploits 1 | References 8
CNNVD
added 2026/04/02 12:0 a.m., 7 views

Tinyauth race condition vulnerability

Tinyauth is an authentication and authorization server developed by Stavros personally. Versions of Tinyauth prior to 5.0.5 had a race condition vulnerability; this issue stemmed from race conditions in the OAuth service, which could lead to session hijacking...

CVSS 7.7 | AI score 5.8 | EPSS 0.00338
Exploits 1 | References 3
EUVD
added 2026/03/25 6:31 p.m., 3 views

EUVD-2026-15665

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Miti miti allows Reflected XSS. This issue affects Miti: from n/a through 1.5.3...

CVSS 7.1 | AI score 5.8 | EPSS 0.0018
Exploits 0 | References 2
Vulnrichment
added 2026/03/11 4:5 p.m., 3 views

CVE-2025-13690 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause a denial of service condition due to improper input validation on webhook custom header names under...

CVSS 6.5 | AI score 5.8 | EPSS 0.00385
Exploits 0 | References 3
CNNVD
added 2026/03/06 12:0 a.m., 4 views

Chamilo code issue vulnerability

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.34 contained code vulnerabilities. These vulnerabilities stemmed from improper validation of uploaded files, which could allow low-privilege users who are authenticated to upload specially...

CVSS 8.8 | AI score 6.1 | EPSS 0.00729
Exploits 0 | References 2
Positive Technologies
added 2026/02/17 12:0 a.m., 7 views

PT-2026-20255

Name of the Vulnerable Software and Affected Versions: Dell Avamar versions prior to 19.12 with patch 338905. Description: Dell Avamar contains an Improper Limitation of a Pathname to a Restricted Directory vulnerability, also known as a 'Path Traversal' issue, in the Security component. A...

CVSS 6.5 | AI score 5.5 | EPSS 0.00325
Exploits 0 | References 4
CNNVD
added 2026/02/09 12:0 a.m., 5 views

Roundcube Webmail security vulnerability

Roundcube Webmail is an open-source browser-based IMAP client developed by Roundcube. It supports address book management, information search, spelling checking, and more. Versions of Roundcube Webmail prior to 1.5.13, as well as versions 1.6 through 1.6.13, had security vulnerabilities. These...

CVSS 4.3 | AI score 5.8 | EPSS 0.00629
Exploits 2 | References 5
CNNVD
added 2026/01/21 12:0 a.m., 5 views

Everest-core authorization issue vulnerability

Everest-core is a major component of the open-source electric vehicle charging software stack developed by EVerest. Versions of Everest-core prior to 2025.12.1 contained an authorization vulnerability. This vulnerability stemmed from the default configuration of...

CVSS 4.3 | AI score 5.7 | EPSS 0.00145
Exploits 0 | References 2
Positive Technologies
added 2026/01/10 12:0 a.m., 4 views

PT-2026-2243

Name of the Vulnerable Software and Affected Versions: Mailpit versions prior to 1.28.2. Description: Mailpit, an email testing tool and API for developers, contains a Cross-Site WebSocket Hijacking (CSWSH) issue in its WebSocket server. The server, in versions prior to 1.28.2, does not validate the...

CVSS 6.5 | AI score 6.5 | EPSS 0.00208
Exploits 2 | References 13
Positive Technologies
added 2025/12/21 12:0 a.m., 3 views

PT-2025-52613

Name of the Vulnerable Software and Affected Versions: SeaCMS versions prior to 13.4. Description: A flaw exists in SeaCMS that allows for SQL injection. The issue is located in an unknown function within the js/player/dmplayer/dmku/class/mysqli.class.php file. Manipulation of the page/limit argumen...

CVSS 9.8 | AI score 7 | EPSS 0.00388
Exploits 1 | References 12
Vulnrichment
added 2025/10/09 4:50 p.m., 4 views

CVE-2025-11371 Gladinet CentreStack and TrioFox Local File Inclusion Flaw

In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and...

AI score 6.4 | EPSS 0.92094
Exploits 4 | References 1
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-51894

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.6 | EPSS 0.0038
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2025-25452

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.5 | EPSS 0.00169
Exploits 0 | References 2
Tenable Nessus
added 2025/09/30 12:0 a.m., 4 views

NewStart CGSL MAIN 6.06 : e2fsprogs Multiple Vulnerabilities (NS-SA-2025-0221)

The remote NewStart CGSL host, running version MAIN 6.06, has e2fsprogs packages installed that are affected by multiple vulnerabilities: - Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafte...

CVSS 5.8 | AI score 9 | EPSS 0.03978
Exploits 0 | References 5
Tenable Nessus
added 2025/08/19 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-31251

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm use...

CVSS 6.5 | AI score 6.3 | EPSS 0.00203
Exploits 1 | References 2
CNNVD
added 2025/03/28 12:0 a.m., 5 views

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) security vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition (EE) and GitLab Community...

CVSS 5.5 | AI score 6.3 | EPSS 0.00236
Exploits 0 | References 3