SmarterTools SmarterMail 路径遍历漏洞

SmarterTools SmarterMail is a set of email server software developed by SmarterTools Corporation. This software supports features such as spam filtering, data statistics, and Simple Mail Transfer Protocol SMTP authentication. Previous versions of SmarterTools SmarterMail version 9560 contained a...

People 安全漏洞

People is an open-source user and team permission management application developed by La Suite numérique. Versions of People prior to 1.25.0 contained a security vulnerability. This vulnerability allowed users with the role of email domain administrators to elevate any existing user to the owner...

EUVD-2026-28419

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

Security Bulletin: Vulnerabilities have been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Buinses Automation Workflow due to the April 2026 Java CPU

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about security vulnerabilities in IBM® SDK, Java™ Technology Edition affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability...

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

CVE-2026-8081

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

Uncontrolled Recursion

@nestjs/microservices is vulnerable to Uncontrolled Recursion. The vulnerability is due to recursive processing of multiple JSON messages in a single TCP frame without proper recursion limits, which allows an attacker to trigger a stack overflow and crash the application...

web-app-pentest-playbook

Web Application Pentest Playbook A structured methodology and...

Security Bulletin: IBM Maximo Application Suite - IoT Component uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite - IoT Component uses cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl, cryptography-46.0.6-cp311-abi3-manylinux234x8664.whl, pyasn1-0.6.2-py3-none-any.whl, requests-2.32.5-py3-none-any.whl, bcprov-jdk18on-1.83.jar, pygments-2.19.2-py3-none-any.whl,...

CVE-2026-6002

CVE-2026-6002 describes an HTML/Script injection (XSS) vulnerability in DivvyDrive Information Technologies’ DivvyDrive. The issue affects DivvyDrive versions 4.8.2.9 up to, but not including, 4.8.3.2. The CVSS 3.1 base metrics indicate HIGH impact on confidentiality, integrity, and availability ...

EUVD-2026-26712

Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate Content-Length header...

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in the RedirectHandler function. An attacker can obtain sensitive information such as session cookies, proxy credentials, and API keys by inducing a cross-host or cross-scheme redirect, causing these headers to be forwarde...

Exploit for Improper Input Validation in Microsoft

CVE-2026-27960 Overview The OpenCTI platform suffers from...

GHSA-98QH-XJC8-98PQ vulnerabilities

Vulnerabilities for packages: apache-hop, hono, thingsboard, nacos-docker, debezium, flyway-fips, kayenta-fips, ghidra, keycloak-fips, druid, kayenta, dependency-track, keycloak, camunda-zeebe, nuxeo, apicurio-registry, flyway, sonarqube, nacos, geoserver, camunda, apache-hop-fips, seata,...

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition due to improper synchronization in the webhook process. An attacker can cause the application to crash and become unavailable by sending concurrent requests that exploit the reuse of echo.Context objects, leading to a pan...

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition due to improper synchronization in the webhook process. An attacker can cause the application to crash and become unavailable by sending concurrent requests that exploit the reuse of echo.Context objects, leading to a pan...

Session cookies can be replayed after user logout

Impact Admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated. This affects applications using Koi admin...

PT-2026-38472

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a...

@jupyter-notebook/application (>=7.2.0 <=7.4.7), @jupyterlite/application (>=0.4.0 <=0.6.4) +4 more potentially affected by CVE-2026-42557 via @jupyterlab/rendermime-interfaces (>=3.10.7 <=3.12.10)

@jupyterlab/rendermime-interfaces NPM version =3.10.7, =7.2.0, =0.4.0, =0.4.0, =0.4.0, =0.4.0, =0.1.1, =0.2.2 Source cves: CVE-2026-42557 Source advisory: SNYK:JS-JUPYTERLABRENDERMIMEINTERFACES-16438959...

CVE-2026-40076

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST /openmrs/ws/rest/v1/module is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod...