Prefect SSRF Bypass via DNS Rebinding in validate_restricted_url

A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validaterestrictedurl of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is...

CVE-2026-7724

A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validaterestrictedurl of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is...

CVE-2026-7727

Technical details about CVE-2026-7727 are not publicly available in the provided documents. Monitor for updates.

EUVD-2026-26879

A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validaterestrictedurl of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is...

dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform

A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service DoS, making the affected system unresponsive...

CVE-2026-7716 code-projects Gym Management System In PHP/Windows NT index.php sql injection

A vulnerability was found in code-projects Gym Management System In PHP and Windows NT 1.0. This vulnerability affects unknown code of the file /index.php. Performing a manipulation of the argument day results in sql injection. The attack can be initiated remotely. The exploit has been made publi...

CVE-2026-7714

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

CVE-2026-7713

CVE-2026-7713 affects crocodilestick Calibre-Web-Automated up to 4.0.6. The vulnerable component is the Kobo auth-token Route, specifically the generate_auth_token function in cps/kobo_auth.py, where improper authorization may be exploited remotely. An exploit has been published and publicized. A...

EUVD-2025-209622

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp, FBXConverter::ConvertMeshMultiMaterial components...

Linux Distros Unpatched Vulnerability : CVE-2026-7734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefixsid....

MCP Server for ArangoDB 路径遍历漏洞

MCP Server for ArangoDB is a database interaction tool based on ArangoDB, developed by Alp Sarıyer. Versions of MCP Server for ArangoDB 0.4.7 and earlier had a path traversal vulnerability. This vulnerability stemmed from the function arangobackup in the MCP Interface component, which allowed for...

TOTOLINK WA300 注入漏洞

TOTOLINK WA300 is a wireless access point produced by TOTOLINK, a Chinese company. The version 5.2cu.7112B20190227 of Totolink WA300 has a vulnerability caused by command injection. This vulnerability arises from the operation of the setWebWlanIdx function in the POST Request Handler component’s...

Test Runner MCP 命令注入漏洞

Test Runner MCP is a multi-framework testing and result-analysis tool for PrivSim individual developers. Version 0.2.0 of Test Runner MCP contains a command injection vulnerability. This vulnerability stems from the use of the childprocess.spawn function in the MCP Interface component, which allo...

TOTOLINK N300RH 缓冲区错误漏洞

TOTOLINK N300RH is a long-range wireless router produced by TOTOLINK Corporation. The version TOTOLINK N300RH 3.2.4-B20220812 contains a buffer overflow vulnerability. This vulnerability arises from the loginauth function in the Parameter Handler component, where the handling of the Password...

PT-2026-36783

A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument track id leads to denial of service. An attack has to be approached locally. The exploit has been disclose...

PT-2026-36990

Name of the Vulnerable Software and Affected Versions apko affected versions not specified Description apko verifies the signature on 'APKINDEX.tar.gz' but fails to compare individually downloaded '.apk' packages against the checksum recorded in the signed index. Although the checksum is parsed v...

Revisiting JBShield: Breaking and Rebuilding Representation-Level Jailbreak Defenses

Defending large language models LLMs against jailbreak attacks, such as Greedy Coordinate Gradient GCG, remains a challenge, particularly under adaptive threat models where an attacker directly targets the defense mechanism. JBShield, a recent jailbreak defense with a 0% attack success rate in so...

PT-2026-36806

Name of the Vulnerable Software and Affected Versions Ansible Automation Platform Gateway versions 2.6 and later Description A flaw in the AAP gateway involves the user auto-link strategy, which automatically links an external Identity Provider IDP identity to an existing user account based on...

PT-2026-36809

Name of the Vulnerable Software and Affected Versions Assimp version 6.0.2 Description A remote attacker can cause a denial of service through the MeshGeometry::MeshGeometry function within the FBXMeshGeometry.cpp file. Recommendations At the moment, there is no information about a newer version...

Apache HTTP Server 安全漏洞

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Version 2.4.66 of Apache HTTP Server contains a security vulnerability, which stems from a timi...