GHSA-RVWR-Q5HJ-WQ7G Dolibarr has an Injection issue

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...

Malicious code in @allyfinancial/allyfinancial-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 274ff2ac2c7d1051fa268e63d390bb70d6b731bcdaebb94f87251067b62d37af The package @allyfinancial/allyfinancial-api was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3290 Malicious code in @allyfinancial/allyfinancial-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 274ff2ac2c7d1051fa268e63d390bb70d6b731bcdaebb94f87251067b62d37af The package @allyfinancial/allyfinancial-api was found to contain malicious code. Source: ghsa-malware...

Malicious code in ally-starter-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac9875cbfe312bac49b96d321664e13d98ff6214d38db1d0b3339500a83204cc The package ally-starter-api was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3302 Malicious code in ally-starter-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac9875cbfe312bac49b96d321664e13d98ff6214d38db1d0b3339500a83204cc The package ally-starter-api was found to contain malicious code. Source: ossf-package-analysis...

OESA-2026-2166 opencryptoki security update

openCryptoki is an implementation of the PKCS 11 API that allows interfacing to devices that hold cryptographic information and perform cryptographic functions. openCryptoki provides application portability by isolating the application from the details of the cryptographic device. Isolating the...

OESA-2026-2162 kubernetes security update

Container cluster management. Security Fixes: A flaw was found in the SPDY streaming code used by Kubelet, CRI-O, and kube-apiserver. An attacker with specific cluster roles, such as those allowing access to pod port forwarding, execution, or attachment, or node proxying, could exploit this...

EUVD-2026-26826

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...

CVE-2026-7688

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

Copy Fail - CVE-2026-31431 This repository contains a small L...

CVE-2026-7681

A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the component Dataset API. The manipulation of the argument DatasetId leads to authorization bypass. The...

EUVD-2026-26817

A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the component Dataset API. The manipulation of the argument DatasetId leads to authorization bypass. The...

CVE-2026-7681 jsbroks COCO Annotator Dataset API datasets.py authorization

A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the component Dataset API. The manipulation of the argument DatasetId leads to authorization bypass. The...

CVE-2026-7680 jsbroks COCO Annotator Data Endpoint datasets.py path traversal

A weakness has been identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file backend/webserver/api/datasets.py of the component Data Endpoint. Executing a manipulation of the argument folder can lead to path traversal. The attack can be launched remotely. The...

EUVD-2026-26810

A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java of the component Tool Download Endpoint. The manipulation of the argument...

AV Stumpfl Pixera Two Media Server 注入漏洞

The AV Stumpfl Pixera Two Media Server is a professional media server system developed by the Austrian company AV Stumpfl. Versions of the AV Stumpfl Pixera Two Media Server 25.2 R2 and earlier had a injection vulnerability. This vulnerability stemmed from unknown functions in the WebSocket API...

PT-2026-39005

Name of the Vulnerable Software and Affected Versions PraisonAI versions 2.5.6 through 4.6.33 Description PraisonAI ships a legacy Flask API server that has authentication disabled by default due to hard-coded AUTH ENABLED = False and AUTH TOKEN = None variables in the api server.py file. This...

PT-2026-36692

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...

PT-2026-36705

Name of the Vulnerable Software and Affected Versions Telegram Desktop versions prior to 6.7.6 Description A null pointer dereference a condition where a program attempts to read from a memory address that is null, typically causing a crash can be triggered remotely in the Bot API component. The...

clan-nxt-toolkit

🔴 CLAN NXT Toolkit ██████╗██╗ █████╗ ███╗ ██╗...