PerkinElmer ProcessPlus <= 1.11.6507.0 - Local File Inclusion

Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus through 1.11.6507.0. id: CVE-2024-6911 info: name: PerkinElmer ProcessPlus = 1.11.6507.0 - Local File Inclusion author:...

OPENSUSE-SU-2026:20850-1 Security update for evince

This update for evince fixes the following issues: Changes in evince: - Update to version 48.2 bsc1265880 CVE-2026-46529: + shell: Quote strings in arguments used when calling evspawn - Update to version 48.1+6: + build: bump DjVuLibre version required + libview: Fix crash in the accessible code...

CVE-2026-45332

Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account with a single POST request. The...

Dompdf RCE via Malicious Font Caching (CVE-2022-28368)

This module exploits CVE-2022-28368, a Remote Code Execution vulnerability in dompdf versions prior to 1.2.1. The vulnerability exists because dompdf preserves the original file extension when caching fonts downloaded via CSS @font-face rules. By pointing a @font-face src to a .php file containin...

PT-2026-42694

Impact The ajax lookup endpoint in application.py bypasses the is accessible access control check that all other endpoints enforce. If a developer restricts model access by overriding is accessible, an authenticated user can still query that model's data through the ajax lookup endpoint — silentl...

PT-2026-42597

Impact The ajax lookup endpoint in application.py bypasses the is accessible access control check that all other endpoints enforce. If a developer restricts model access by overriding is accessible, an authenticated user can still query that model's data through the ajax lookup endpoint — silentl...

CVE-2026-9102 Path Traversal in Altium Enterprise Server ComparisonService Allows Arbitrary File Write

A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape the intended...

WordPress plugin My Calendar – Accessible Event Manager 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-44200 Wagtail: Improper permission handling when copying pages

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once coped, they'd be able to view its contents, and potentially publish it...

CVE-2026-41576

Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible no authentication required. User-supplied message text is passed through PHP's nl2br function, which converts newlines to tags but does not escape HTML. The resulting string is then passed to a Blade...

CVE-2025-31982 HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directl

HCL BigFix Service Management SM had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality...

PT-2026-37635

HCL BigFix Service Management SM had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the IMA buffer not verifying whether it is located in accessible RAM, potentially leading to page...

PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope

Summary This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00. CodeExecutor.executeactions pptagent/apis.py:126-205 processes LLM-generated slide editing actions using Python's eval: python pptagent/apis.py:184-186 partialfunc =...

EUVD-2026-27434

Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink following vulnerability in tunnelblick-helper, reachable through the world-accessible tunnelblickd Unix...

CVE-2026-5335

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

CVE-2026-5335 Magic Export & Import < 1.2.0 - Unauthenticated PII Disclosure

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

EUVD-2026-26906

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

PT-2026-36778

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

Astra Linux - уязвимость в firefox, thunderbird

A malicious web page could have caused a “use-after-free” issue, leading to memory corruption and potentially exploitable crashes. This bug can only be triggered when accessibility is enabled. This vulnerability affects Thunderbird 78.12, Firefox ESR 78.12, and Firefox 90...