PT-2026-29618
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an...
Low: libheif
Issue Overview: A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdecpushdata2 of the file libheif/plugins/decodervvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs...
ROS-20260401-73-0032
Vulnerability in libpng15 related to buffer copying without checking input size. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260401-73-0043
Vulnerability in pdns-recursor related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260401-73-0030
Vulnerability in libpng related to buffer copying without checking input size. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260401-73-0028
Vulnerability in libpng12 related to buffer copying without checking input size. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
CVE-2026-30273
CVE-2026-30273 affects pandas-ai v3.0.0 via the pandasai.agent.base._execute_sql_query component, introducing a SQL injection vulnerability. Root cause: improper handling of SQL query execution within the agent. Impact per CVSS: HIGH (7.3), with network attack vector, no user interaction required...
PT-2026-29553
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could...
PT-2026-33861
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.28. Description: An environment variable injection issue occurs because the software loads the .env file from the current working directory before the trusted state-dir configuration. This allows untrusted...
PT-2026-29515
A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled pat...
Linux Distros Unpatched Vulnerability : CVE-2026-5287
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file...
Cisco IOS XE Software Secure Channel for Meraki Information Disclosure (cisco-sa-iosxe_infodis-6J847uEB)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuration...
Linux Distros Unpatched Vulnerability : CVE-2026-5185
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of the file stb_image.h of the component Multi-fra...
CVE-2026-34872
An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values lack of contributor...
Replay Attack
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Replay Attack in the webhook-security.ts process. An attacker can bypass replay protection by capturing a valid signed webhook and resending it with reordered query parameters, thereby...
Replay Attack
Overview: @openclaw/voice-call is an OpenClaw voice-call plugin. Affected versions of this package are vulnerable to Replay Attack in the webhook-security.ts process. An attacker can bypass replay protection by capturing a valid signed webhook and resending it with reordered query parameters, there...
CVE-2026-5240
CVE-2026-5240 affects code-projects BloodBank Managing System 1.0. The issue arises in an unknown part of /admin_state.php where manipulating the statename argument causes a cross-site scripting (XSS) vulnerability. The description notes remote initiation and that the exploit has been publicly di...
CVE-2026-5240
A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affects an unknown part of the file /admin_state.php. The manipulation of the argument statename leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2026-5238
Affects itsourcecode Payroll Management System 1.0. The vulnerability exists in the Parameter Handler’s view_employee.php, where manipulating the ID parameter leads to SQL injection. This is a remote exploit with public proof-of-concept; CVSS metrics indicate high impact (network access, no authe...
SUSE CVE-2026-5185
A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of the file stb_image.h of the component Multi-frame GIF File Handler. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been...