63 matches found

Debian CVE
added 3 days ago, 4 views

CVE-2026-35193

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

CVSS 3.1, AI score 5.8, EPSS 0.00037
Exploits 0
Vulnrichment
added 3 days ago, 5 views

CVE-2026-6873 Signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.get_signed_cookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...

CVSS 3.1, AI score 5.8, EPSS 0.00013
Exploits 0, References 3
Tenable Nessus
added 2026/05/09 12:0 a.m., 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016791)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016791 advisory. An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on RasterField only implemented on PostGIS allows remote...

CVSS 5.4, AI score 7.4, EPSS 0.06568
Exploits 1, References 4
vulnersOsv
added 2026/04/24 12:30 p.m., 3 views

be.yildiz-games:module-messaging-activemq (=2.0.0), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.107.0) +101 more potentially affected by CVE-2026-41044 via org.apache.activemq:activemq-broker (>=6.0.0 <=6.2.4)

org.apache.activemq:activemq-broker MAVEN version =6.0.0, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =0.2.2, =1.4.0, =2.2.0 - io.mats3:mats-spring-test =B-2.0.0.B0+2025-10-22 and more Source cves: CVE-2026-41044 Source advisory: OSV:GHSA-MR6M-XJ7V-3CV3...

CVSS 8.8, AI score 5.8, EPSS 0.00073
Exploits 0
EUVD
added 2026/04/09 6:31 p.m., 1 view

EUVD-2026-20956

Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...

CVSS 8.8, AI score 5.8, EPSS 0.00076
Exploits 0, References 4
OSV
added 2026/04/07 2:0 p.m., 3 views

UBUNTU-CVE-2026-3902

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

CVSS 7.5, AI score 5.8, EPSS 0.00016
Exploits 0, References 4
CNNVD
added 2026/04/06 12:0 a.m., 2 views

Pi-hole Web Interface cross-site scripting vulnerability

The Pi-hole Web Interface is an open-source dashboard web interface developed by Pi-hole. Versions of the Pi-hole Web Interface from 6.0 to 6.5 had a cross-site scripting vulnerability. This vulnerability stemmed from the formatInfo function in queries.js, which failed to escape special character...

CVSS 4.8, AI score 5.7, EPSS 0.00034
Exploits 0, References 1
CNNVD
added 2026/04/06 12:0 a.m., 3 views

Pi-Hole Adminlte cross-site scripting vulnerability

Pi-Hole Adminlte is a control panel used for collecting more data. Versions of Pi-Hole Adminlte from 6.0 to 6.5 had a cross-site scripting vulnerability. This vulnerability occurred due to the direct insertion of configuration values into HTML attributes without escaping, which could lead to HTML...

CVSS 6.1, AI score 5.7, EPSS 0.00046
Exploits 1, References 1
Positive Technologies
added 2026/03/03 12:0 a.m., 1 view

PT-2026-22742

Name of the Vulnerable Software and Affected Versions: Django versions 4.2 before 4.2.29; Django versions 5.2 before 5.2.12; Django versions 6.0 before 6.0.3; Django versions 3.2.x and earlier; Django versions 4.1.x and earlier; Django versions 5.0.x and earlier. Description: A race condition exists in...

CVSS 3.7, AI score 5.9, EPSS 0.0001
Exploits 0, References 21
Patchstack
added 2026/02/02 7:0 a.m., 4 views

WordPress Essential Addons for Elementor plugin <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Widget vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Widget vulnerability discovered by zer0gh0st in WordPress Plugin Essential Addons for Elementor versions <= 6.0.3...

CVSS 6.4, AI score 5.9, EPSS 0.00545
Exploits 0, References 1, Affected Software 1
NVD
added 2026/01/27 9:15 p.m., 2 views

CVE-2025-21589

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: from 5.6.7 before 5.6.17, from...

CVSS 9.8, EPSS 0.00041
Exploits 0, References 3
NVD
added 2025/10/30 12:15 a.m., 4 views

CVE-2025-12466

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass. This issue affects Simple OAuth (OAuth2) & OpenID Connect: from 6.0.0 before 6.0.7...

CVSS 7.5, EPSS 0.00057
Exploits 0, References 1
OSV
added 2025/10/30 12:15 a.m., 2 views

CVE-2025-12466

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass. This issue affects Simple OAuth (OAuth2) & OpenID Connect: from 6.0.0 before 6.0.7...

CVSS 7.5, AI score 5.8, EPSS 0.00057
Exploits 0, References 1
EUVD
added 2025/10/07 6:3 p.m., 1 view

EUVD-2025-32721

Improper Resource Locking vulnerability in B&R Industrial Automation Automation Runtime. This issue affects Automation Runtime: from 6.0 before 6.3, before Q4.93...

CVSS 10, AI score 6.5, EPSS 0.00058
Exploits 0, References 2
Positive Technologies
added 2025/10/07 12:0 a.m., 4 views

PT-2025-41145

Name of the Vulnerable Software and Affected Versions: B Industrial Automation Automation Runtime versions 6.0 through 6.4. Description: A flaw exists in the generation of numbers or identifiers within B Industrial Automation Automation Runtime. This issue could potentially compromise the security o...

CVSS 4.2, AI score 6.4, EPSS 0.00029
Exploits 0, References 4
EUVD
added 2025/10/03 8:7 p.m., 0 views

EUVD-2025-31265

Malicious code in bioql PyPI...

CVSS 4.3, AI score 6.5, EPSS 0.00016
Exploits 0, References 2
Tenable Nessus
added 2025/09/10 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-0599

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. Th...

CVSS 7.1, AI score 6.3, EPSS 0.00194
Exploits 0, References 2
CNNVD
added 2025/08/19 12:0 a.m., 2 views

IBM Sterling B2B Integrator and IBM Sterling File Gateway security vulnerability

IBM Sterling B2B Integrator and IBM Sterling File Gateway are both products of International Business Machines (IBM). IBM Sterling B2B Integrator is a suite of software that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B...

CVSS 6.5, AI score 6.2, EPSS 0.00062
Exploits 0, References 3
CNNVD
added 2025/08/08 12:0 a.m., 1 view

zlt-microservices-platform input validation error vulnerability

zlt-microservices-platform is a platform system for zlt individual developers. An input validation error vulnerability exists in zlt-microservices-platform version 6.0.0 and earlier, which stems from an open redirect due to incorrect operation of the parameter redirecturl...

CVSS 5.1, AI score 4.8, EPSS 0.00154
Exploits 0, References 6
CNNVD
added 2025/08/05 12:0 a.m., 1 view

pybbs code injection vulnerability

pybbs is a community platform for Java development by iuiu individual developers. A code injection vulnerability exists in pybbs 6.0.0 and earlier versions, which stems from improper handling of the parameter Username in the file /admin/topic/list, which could lead to a cross-site scripting attac...

CVSS 5.4, AI score 4, EPSS 0.0067
Exploits 3, References 8