PT-2026-38454

Name of the Vulnerable Software and Affected Versions Ivanti EPMM versions prior to 12.6.1.1 Ivanti EPMM versions prior to 12.7.0.1 Ivanti EPMM versions prior to 12.8.0.1 Description Improper Certificate Validation allows a remote unauthenticated attacker to impersonate registered Sentry hosts an...

PT-2026-38590

Name of the Vulnerable Software and Affected Versions code-projects Feedback System version 1.0 Description A SQL injection flaw exists in the /admin/checklogin.php file. Remote attackers can exploit this by manipulating the email argument. SQL injection is a technique where malicious SQL...

PT-2026-38601

Name of the Vulnerable Software and Affected Versions huangjunsen0406 xiaozhi-mcphub versions prior to 1.0.4 Description A path traversal issue exists in the src/controllers/dxtController.ts file. A remote attacker can exploit this by manipulating the manifest.name argument, allowing unauthorized...

PT-2026-38624

Name of the Vulnerable Software and Affected Versions Microsoft APM versions prior to 0.8.12 Description Microsoft APM normalizes marketplace plugins by copying components referenced in plugin.json into the .apm/ directory. The implementation fails to verify that the paths specified in the agents...

JeecgBoot 注入漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier have a vulnerability related to injection attacks. This vulnerability stems from the parameter condition handled by the JSON object processor in the...

PT-2026-38563

Name of the Vulnerable Software and Affected Versions Go affected versions not specified Description The "go bug" command writes to two files with predictable names in the system temporary directory, such as "/tmp". An attacker with access to this directory can create a symbolic link symlink—a fi...

CVE-2026-8086

A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly...

Linux Distros Unpatched Vulnerability : CVE-2026-44599

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tor before 0.4.9.7 can attempt or accept BEGINDIR via conflux legs, aka TROVE-2026-008. CVE-2026-44599 Note that Nessus relies on the presence of the package as...

PT-2026-38441

Name of the Vulnerable Software and Affected Versions ericmj decimal versions 0.1.0 through 2.x Description Uncontrolled Resource Consumption allows unauthenticated remote Denial of Service. The library does not bound the exponent on parsed input, meaning a decimal with an excessively large...

container: pf Rule Injection via Domain Name Argument in `container system dns create --localhost` Command

The container system dns create --localhost command accepts a domainName argument and passes it unsanitized into the pf anchor file /etc/pf.anchors/com.apple.container as a comment in a rule line. A domain name containing a newline character breaks out of the comment context and injects an...

PT-2026-39445

Name of the Vulnerable Software and Affected Versions PHP versions 8.2.0 through 8.2.30 PHP versions 8.3.0 through 8.3.30 PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 Description Improper sanitation of user data allows an attacker to compose a URL that executes arbitrary...

PT-2026-38466

Loop with unreachable exit condition 'infinite loop' in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network...

CLSA-2026-1778111838 httpd: Fix of 9 CVEs

CVE-2026-24072: fix modrewrite apexpr privilege escalation in htaccess - CVE-2026-28780: fix modproxyajp ajpmsgcheckheader buffer over-read - CVE-2026-29169: fix moddavlock NULL pointer dereference - CVE-2026-33006: fix modauthdigest timing attack - CVE-2026-33007: fix modauthnsocache NULL...

GHSA-53HJ-R94P-8C8F Kanidm has non-constant-time comparison of OAuth2 client_secret

Summary The kanidmd OAuth2 token-exchange /oauth2/token and token-introspection /oauth2/token/introspect endpoints compare the supplied clientsecret against the stored secret using Rust's PartialEq on String, which short-circuits on the first mismatching byte. This produces an observable timing...

GHSA-MGX6-5CF9-RR43 Keras vulnerable to DoS via Malicious .keras Model (HDF5 Shape Bomb Causes Petabyte Allocation in KerasFileEditor)

Summary Keras’s model loader KerasFileEditor unsafely loads user-supplied .keras model files containing HDF5-based weight files without performing any validation on HDF5 dataset metadata. An attacker can craft a .keras archive containing a valid model.weights.h5 file whose dataset declares an...

Timing Attack

Overview pyquorum is a Cryptographic library for secret sharing and key management, powered by Rust Affected versions of this package are vulnerable to Timing Attack via mulmod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the...

pyquorum: Timing side‑channel in mul_mod

Impact The mulmod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand the exponent. An attacker who can measure the time of secret‑sharing operations e.g., via a remote service could progressively recover the valu...

GHSA-MQCG-5X36-VFCG JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content

JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all click events on document.body and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with ...

JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content

JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all click events on document.body and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with ...

EUVD-2026-28139

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. Chromium security severity: Low...