CVE-2026-32685

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

NextCloud Access Control Vulnerability

Nextcloud is an open-source, self-hosted communication platform for file synchronization and sharing developed by the German company Nextcloud. In versions 1.3.6 to 8.4.0, there was a vulnerability related to access control. This vulnerability stemmed from improper checks, allowing users...

EUVD-2026-33229

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

PT-2026-42579

Name of the Vulnerable Software and Affected Versions Simple Hierarchical Select SHS for Drupal 7 versions 7.x-1.0 through 7.x-1.10 Description Cross-site scripting risk exists due to improper output escaping of term-derived text. Malicious taxonomy term names can be rendered unsafely depending o...

CVE-2026-5950

The CVE-2026-5950 issue affects BIND 9 resolver logic, with an unbounded resend loop in the bad-server handling path of the state machine. This leads to remote, unauthenticated attackers exhausting resources by issuing queries that trigger specific retry conditions. Affected series include BIND 9...

CVE-2026-1322 Business Logic Errors in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a readapi scoped OAuth application to create issues and add comments to issues in private projects due t...

Valtimo 日志信息泄露漏洞

Valtimo is an open-source low-code platform for business process automation developed by Valtimo in the Netherlands. Versions 12.4.0 to 12.33.0 and 13.26.0 of Valtimo have a vulnerability related to log information leakage. This vulnerability stems from the LoggingRestClientCustomizer automatical...

CVE-2025-29338

NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the modpara parameter in the woalinitmoduleparam function...

@0l00000l/auth (>=1.0.0 <=1.0.8), @0xchain/telemetry (>=1.1.0-beta.8 <=1.1.0-beta.18) +990 more potentially affected by CVE-2026-44288 via protobufjs (>=8.0.0 <=8.0.1)

protobufjs NPM version =8.0.0, =1.0.0, =1.1.0-beta.8, =0.8.0, =1.0.0, =1.1.4, =2.1.4, =0.3.1, =0.3.1, =0.7.1, =0.9.0 - @access-mcp/software-discovery =0.8.0 and more Source cves: CVE-2026-44288 Source advisory: SNYK:JS-PROTOBUFJS-16643234...

@ardeora/start-devtools (>=1.0.0 <=1.0.1), @brendonovich/solidjs__start (>=0.0.0 <=0.0.3) +39 more potentially affected by unknown CVE via @tanstack/router-utils (>=1.121.0-alpha.28 <=1.158.0)

@tanstack/router-utils NPM version =1.121.0-alpha.28, =1.0.0, =0.0.0, =1.0.0, =1.0.11, =0.1.0, =1.1.0, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.111.10, =1.20.3-alpha.1, =1.111.10, =1.111.10, =1.121.0-alpha.28, =1.161.3 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3479...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +3427 more potentially affected by CVE-2026-42587 via io.netty:netty-codec-compression (>=4.2.0.Alpha3 <=4.2.12.Final)

io.netty:netty-codec-compression MAVEN version =4.2.0.Alpha3, =0.1.0, =0.1.0, =4.7.4, =4.7.4, =4.7.3, =4.7.3, =4.7.3, =4.7.3, =4.7.3, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.1 and more Source cves: CVE-2026-42587 Source advisory: SNYK:JAVA-IONETTY-16438931...

ai.spice:spiceai (=0.6.0), cn.isqing.icloud:icloud-common-utils (>=4.0.3-M1 <=4.0.3.1) +355 more potentially affected by CVE-2026-42586 via io.netty:netty-codec-redis (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-redis MAVEN version =4.2.0.Alpha1, =4.0.3-M1, =1.21.9, =3.4.7, =25.4.1, =26.2.1, =7.9.0, =5.1.0, =5.1.0, =6.80, =0.2.2, =0.2.4 and more Source cves: CVE-2026-42586 Source advisory: SNYK:JAVA-IONETTY-16439010...

PT-2026-38595

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions 3.19.1 through 3.19.5 GitHub Enterprise Server versions 3.20.0 through 3.20.1 Description A reflected HTML injection issue exists in the Management Console login page. The redirect to query parameter on the...

Bitcoin Core 安全漏洞

Bitcoin Core is an open-source client for verifying the validity of blockchain transactions. There are security vulnerabilities in versions 0.14 to 28.x of Bitcoin Core, and these vulnerabilities stem from security issues, though the details remain undisclosed...

EUVD-2026-26315

ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

IBM Langflow Desktop 路径遍历漏洞

IBM Langflow Desktop is a desktop application for AI process orchestration developed by IBM. Versions 1.2.0 to 1.8.4 of IBM Langflow Desktop contain a path traversal vulnerability. This vulnerability stems from directory traversal issues, which may allow authenticated attackers to send specially...

africa.absa:inception-application (>=1.1.0 <=1.2.0), africa.absa:inception-test (>=1.1.0 <=1.2.0) +2764 more potentially affected by CVE-2026-22745 via org.springframework:spring-webflux (>=5.0.0.RELEASE <=5.3.4)

org.springframework:spring-webflux MAVEN version =5.0.0.RELEASE, =1.1.0, =1.1.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =0.0.1, =v0.3.12, =v0.3.10, =v0.3.12, =2.1.2.RELEASE, =4.1.36, =4.1.7, =4.7.1 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 - br.com.m4rc310:br-com-m4rc310-libs =1.0.1 and more...

a-mailx (=0.1.0), a-move-files-by-excel (>=0.1.0 <=0.1.1) +4285 more potentially affected by CVE-2026-41066 via lxml (>=3.2.3 <=6.0.4)

lxml PYPI version =3.2.3, =0.1.0, =0.1.0, =0.1.0, =0.9.1, =1.0.2, =0.1.0, =0.3.0, =0.3.5, =0.3.0, =0.3.0, =0.2.5, =0.1.0, =0.0.2, =1.13.4 and more Source cves: CVE-2026-41066 Source advisory: OSV:GHSA-VFMQ-68HX-4JFW...

CVE-2026-35074

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS Command Injection vulnerability. A high privileged attacker...

PT-2026-33444

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain with Data Domain Operating System DD OS versions 7.7.1.0 through 8.5 Dell PowerProtect Data Domain with Data Domain Operating System DD OS versions 8.3.1.0 through 8.3.1.20 Dell PowerProtect Data Domain with Data...