PT-2026-29306

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, updating a category description via API is not sanitizing the description string, which can lead to XSS attacks. This issu...

PT-2026-29219

Name of the Vulnerable Software and Affected Versions 1millionbot Millie chatbot affected versions not specified Description A prompt injection issue exists in the 1millionbot Millie chatbot. This occurs when a user bypasses chat restrictions using Boolean prompt injection techniques, constructin...

Botan C++ Crypto Algorithms Library 3.11.1

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS 10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to...

Efficient Software Vulnerability Detection Using Transformer-Based Models

Detecting software vulnerabilities is critical to ensuring the security and reliability of modern computer systems. Deep neural networks have shown promising results on vulnerability detection, but they lack the capability to capture global contextual information on vulnerable code. To address th...

PT-2026-29333

Name of the Vulnerable Software and Affected Versions Nautobot versions prior to 2.4.30 Nautobot versions prior to 3.0.10 Description The application fails to enforce password validation rules defined by Django's AUTH PASSWORD VALIDATORS setting when creating or editing users via the REST API. Th...

PT-2026-29152

baserCMS is a website development framework. Prior to version 5.2.3, a path traversal vulnerability exists in the theme file management API /baser/api/admin/bc-theme-file/theme files/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path...

Sulu 安全漏洞

Sulu is a scalable Symfony framework based on PHP, developed by the Austrian company Sulu. Versions of Sulu from 1.0.0 to 2.6.22 and from 3.0.0 to 3.0.5 contained security vulnerabilities due to improper permission checks. These vulnerabilities could allow unauthorized access to contact...

Nautobot 安全漏洞

Nautobot is a web automation platform developed by the Nautobot team. Versions prior to Nautobot 2.4.30 and 3.0.10 contained security vulnerabilities. These vulnerabilities stemmed from the failure to apply the password validation rules defined by Django’s AUTHPASSWORDVALIDATORS when creating and...

CVE-2026-0562

A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The respondrequest function in backend/routers/friends.py does not implement proper authorization checks, enabling Insecure Direct...

EUVD-2026-17180

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

EUVD-2026-17216

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

CVE-2026-32275

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 1.3.10 to before version 2.17.0, an unsanitized JSONP callback parameter allows cross-origin script injection and API key theft. This issue has been patched in version 2.17.0...

CVE-2026-31799

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...

ALPINE-CVE-2026-21716

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

CVE-2026-21716

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.0.2 Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput function does not differentiate selectors from HTML in a reliable...

CVE-2026-5148

CVE-2026-5148 affects YunaiV yudao-cloud (up to 2026.01). The vulnerability is in the /admin-api/system/mail-log/page path, caused by manipulation of the toMail argument that leads to SQL injection. It can be triggered remotely; a public exploit is available. The vendor was contacted early but di...

CVE-2026-32275

CVE-2026-32275 affects Tautulli (Python-based Plex monitoring) with an unsanitized JSONP callback parameter. From version 1.3.10 up to, but not including, 2.17.0, this allows cross-origin script injection and API key theft. The issue is fixed in version 2.17.0. Affected range: 1.3.10 through 2.16...

CVE-2026-32275 Tautulli: Unsanitized JSONP callback parameter allows cross-origin script injection and API key theft

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 1.3.10 to before version 2.17.0, an unsanitized JSONP callback parameter allows cross-origin script injection and API key theft. This issue has been patched in version 2.17.0...

CVE-2026-32275

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 1.3.10 to before version 2.17.0, an unsanitized JSONP callback parameter allows cross-origin script injection and API key theft. This issue has been patched in version 2.17.0...