9 matches found

RedhatCVE
added 2026/06/05 7:36 p.m. · 7 views

CVE-2026-41149

A flaw was found in Mermaid, a JavaScript tool for creating diagrams and charts. A remote attacker could exploit this vulnerability by injecting malicious HTML through the classDef directive in Mermaid state diagrams. This allows for Document Object Model (DOM) injection, which escapes the Scalable...

CVSS 5.4 · AI score 5.4 · EPSS 0.00401
Exploits 0 · References 6
EUVD
added 2025/12/01 3:30 p.m. · 3 views

EUVD-2025-199988

Insufficient argument validation in OpenVPN 2.7alpha1 through 2.7rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses...

CVSS 9.1 · AI score 6.5 · EPSS 0.00529
Exploits 0 · References 3
CNNVD
added 2025/12/01 12:00 a.m. · 3 views

OpenVPN Security Vulnerability

OpenVPN is a software package for creating encrypted tunnels for virtual private networks (VPNs) from US-based OpenVPN, which uses the OpenSSL library to encrypt data and control information and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...

CVSS 9.1 · AI score 7.6 · EPSS 0.00529
Exploits 0 · References 3
NVD
added 2025/11/25 8:16 p.m. · 2 views

CVE-2025-66017

CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing (requires 3 preprocessing rounds), identifiable abort, and a key refresh protocol. In versions 0.6.3 and prior of cggmp21 and version 0.7.0-alpha.1 of cggmp24, presignatures can be used in the way that significantly reduces...

CVSS 8.2 · EPSS 0.0019
Exploits 0 · References 2
Vulnrichment
added 2025/11/25 7:59 p.m. · 5 views

CVE-2025-66017 CGGMP21 presignatures can be used in the way that significantly reduces security

CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing (requires 3 preprocessing rounds), identifiable abort, and a key refresh protocol. In versions 0.6.3 and prior of cggmp21 and version 0.7.0-alpha.1 of cggmp24, presignatures can be used in the way that significantly reduces...

CVSS 8.2 · AI score 6.4 · EPSS 0.0019
Exploits 0 · References 2
Positive Technologies
added 2025/09/19 12:00 a.m. · 5 views

PT-2025-38623

Name of the Vulnerable Software and Affected Versions: Tandoor Recipes versions 2.0.0-alpha-1 Description: Tandoor Recipes 2.0.0-alpha-1 is susceptible to privilege escalation. This issue stems from a rework of the API, specifically within the User Profile API Endpoint. The endpoint contains two...

CVSS 6.5 · AI score 6.7 · EPSS 0.00222
Exploits 1 · References 5
Positive Technologies
added 2025/08/12 12:00 a.m. · 3 views

PT-2025-32863 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.9-alpha1 through 2.4.4-p14 and earlier Description: Adobe Commerce is affected by an improper input validation issue that could lead to a denial-of-service (DoS). An attacker could exploit this issue by providing...

CVSS 7.5 · AI score 7 · EPSS 0.00541
Exploits 0 · References 7
vulnersOsv
added 2024/04/17 5:31 p.m. · 4 views

com.charlyghislain.keycloak:keycloak-importexport (=21.0.0), com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11) +79 more potentially affected by CVE-2023-3597 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=22.0.1)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =0.3.0-20.0.1, =0.4.5-20.0.2, =1.0.1, =1.3.2, =1.3.6 - io.github.jeff-tian:keycloak-phone-provider =2.3.10 and more Source cves: CVE-2023-3597 Source advisor...

CVSS 5 · AI score 5.7 · EPSS 0.00603
Exploits 0
Positive Technologies
added 2007/10/18 12:00 a.m. · 3 views

PT-2007-6586 · Phpcms · Phpscms

Name of the Vulnerable Software and Affected Versions: phpSCMS versions 0.0.1-Alpha1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter in the includes/functions.php file. This is a remote file inclusion issue. Note that the identified code...

CVSS 9.8 · AI score 7.6 · EPSS 0.01284
Exploits 0 · References 3