120646 matches found

OSV
added 2026/02/26 1:49 a.m. | 4 views

CVE-2026-27965 Vitess users with backup storage access can gain unauthorized access to production deployment environments

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

CVSS 8.4 | AI score 6.2 | EPSS 0.00417
Exploits: 0 | References: 6

OSV
added 2026/02/26 1:7 a.m. | 2 views

USN-8066-1 ruby-rack vulnerabilities

Minh Pham Quang discovered that Rack did not correctly handle parsing certain paths, which could lead to a path traversal attack. An attacker could possibly use this issue to leak sensitive information. (CVE-2026-22860) Ali Firas discovered that Rack did not correctly sanitize certain inputs. An...

CVSS 7.5 | AI score 7 | EPSS 0.00552
Exploits: 2 | References: 3

Positive Technologies
added 2026/02/26 12:0 a.m. | 6 views

PT-2026-22151

Name of the Vulnerable Software and Affected Versions: Flair versions 0.4.1 through latest. Description: The deserialization of untrusted data in the LanguageModel class can lead to arbitrary code execution when loading a malicious model. Recommendations: Versions prior to 0.4.1 are not affected. At...

CVSS 8.4 | AI score 6.5 | EPSS 0.00154
Exploits: 0 | References: 7

CVE
added 2026/02/26 12:0 a.m. | 11 views

CVE-2026-26682

Summary: fastCMS prior to v0.1.6 contains a security issue in the PluginController.java that enables a local attacker to execute arbitrary code. Affected software/component: fastCMS (PluginController.java). Impact: local code execution with high impact (per CVSS) as described in referenced record...

CVSS 7.8 | AI score 6 | EPSS 0.00182
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2026/02/26 12:0 a.m. | 5 views

Agenta code injection vulnerability

Agenta is an open-source platform developed by Agenta for building production-grade large language model applications. Versions of Agenta prior to 0.48.1 contained a code injection vulnerability. This vulnerability stemmed from a sandbox error that allowed the numpy package, potentially leading t...

CVSS 9.9 | AI score 6.1 | EPSS 0.00497
Exploits: 1 | References: 1

CNNVD
added 2026/02/26 12:0 a.m. | 3 views

Wolters Kluwer A3factura cross-site scripting vulnerability

Wolters Kluwer A3factura is a billing management software developed by the German company Wolters Kluwer. Wolters Kluwer A3factura has a cross-site scripting vulnerability. This vulnerability stems from the reflective cross-site scripting in the parameter name located at the endpoint...

CVSS 6.1 | AI score 6 | EPSS 0.00164
Exploits: 0 | References: 1

CNNVD
added 2026/02/26 12:0 a.m. | 5 views

flair security vulnerability

Flair is a very simple and advanced NLP framework developed by Flair OpenSource. There are security vulnerabilities in Flair versions 0.4.1 onwards. These vulnerabilities stem from the LanguageModel class’s ability to deserialize untrusted data, which may allow arbitrary code to be executed when...

CVSS 8.4 | AI score 6 | EPSS 0.00154
Exploits: 0 | References: 1

Cvelist
added 2026/02/26 12:0 a.m. | 21 views

CVE-2025-50857

ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload...

EPSS 0.02293
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/26 12:0 a.m. | 3 views

PT-2026-22161

Name of the Vulnerable Software and Affected Versions: fastCMS versions prior to 0.1.6. Description: An issue exists in fastCMS that allows a local attacker to execute arbitrary code via the PluginController.java component. Recommendations: Update to version 0.1.6 or later...

CVSS 7.8 | AI score 6.3 | EPSS 0.00182
Exploits: 1 | References: 5

Vulnrichment
added 2026/02/26 12:0 a.m. | 3 views

CVE-2026-26682

An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component...

AI score 6 | EPSS 0.00182
Exploits: 1 | References: 2

CNNVD
added 2026/02/26 12:0 a.m. | 5 views

FastCMS security vulnerability

FastCMS is a content management system developed by FastCMS Inc. Versions of FastCMS prior to 0.1.6 contained security vulnerabilities. These vulnerabilities were caused by issues with the PluginController.java component, which could allow local attackers to execute arbitrary code...

CVSS 7.8 | AI score 6.1 | EPSS 0.00182
Exploits: 1 | References: 2

CNNVD
added 2026/02/26 12:0 a.m. | 4 views

Vitess operating system command injection vulnerability

Vitess is an open-source database cluster system developed by Vitess, designed for horizontal scaling of MySQL databases. Versions of Vitess prior to 23.0.3 and 22.0.4 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the possibility of...

CVSS 9.9 | AI score 7.5 | EPSS 0.00417
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/26 12:0 a.m. | 3 views

PT-2026-22141

Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es//incomes/customers' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...

CVSS 4.8 | AI score 6 | EPSS 0.00164
Exploits: 0 | References: 2

CNNVD
added 2026/02/26 12:0 a.m. | 5 views

Digital Arts FinalCode Client code issue vulnerability

Digital Arts FinalCode Client is an enterprise-level information rights management client software developed by Digital Arts in Japan. The Digital Arts FinalCode Client has a code vulnerability that stems from issues with the DLL search path in the installer, which may allow arbitrary code to be...

CVSS 8.4 | AI score 7.3 | EPSS 0.00144
Exploits: 0 | References: 2

CVE
added 2026/02/26 12:0 a.m. | 8 views

CVE-2025-50857

ZenTaoPMS versions 18.11 through 21.6.beta are affected by a Directory Traversal vulnerability in /module/ai/control.php that allows arbitrary code execution via a crafted file upload. The root cause is a directory traversal flaw in the file-upload handling, enabling an attacker to place or execu...

CVSS 9.8 | AI score 5.9 | EPSS 0.02293
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/26 12:0 a.m. | 7 views

PT-2026-22208

Name of the Vulnerable Software and Affected Versions: NVDA Dev & Test Toolbox versions 2.0 through 8.0. Description: A security issue exists in the Log Reader feature of the NVDA Dev & Test Toolbox add-on. Maliciously crafted log files can lead to arbitrary code execution when a user reads them usi...

CVSS 7.8 | AI score 6.5 | EPSS 0.002
Exploits: 0 | References: 9

ATTACKERKB
added 2026/02/26 12:0 a.m. | 2 views

CVE-2026-26682

An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component...

CVSS 7.8 | AI score 6.1 | EPSS 0.00182
Exploits: 1 | References: 3

CNNVD
added 2026/02/26 12:0 a.m. | 9 views

GPAC security vulnerability

GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC prior to 26.02.0 contain security vulnerabilities. These vulnerabilities stem from stack buffer overflows during the parsing of NHML files, which may allow for the execution of arbitrary code...

CVSS 8.7 | AI score 6.1 | EPSS 0.00272
Exploits: 1 | References: 2

Positive Technologies
added 2026/02/26 12:0 a.m. | 5 views

PT-2026-22140

Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es//incomes/representatives-management' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...

CVSS 4.8 | AI score 6 | EPSS 0.00164
Exploits: 0 | References: 2

Tenable Nessus
added 2026/02/26 12:0 a.m. | 3 views

SUSE SLES12 Security Update : postgresql15 (SUSE-SU-2026:0615-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0615-1 advisory. Update to version 15.16. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few bytes of serv...

CVSS 8.8 | AI score 6.6 | EPSS 0.00678
Exploits: 3 | References: 13