Lucene search

192274 matches found

ATTACKERKB
added 2026/02/25 2:2 a.m., 5 views

CVE-2026-3145

A flaw has been found in libvips up to 8.18.0. The affected element is the function vips_foreign_load_matrix_file_is_a/vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack needs to be launched locally. This patch is...

7.8 CVSS, 4.9 AI score, 0.00184 EPSS
Exploits: 1, References: 8
Debian CVE
added 2026/02/25 2:2 a.m., 5 views

CVE-2026-3145

A flaw has been found in libvips up to 8.18.0. The affected element is the function vips_foreign_load_matrix_file_is_a/vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack needs to be launched locally. This patch is...

7.8 CVSS, 5.1 AI score, 0.00184 EPSS
Exploits: 1
CVE
added 2026/02/25 2:2 a.m., 19 views

CVE-2026-3145

CVE-2026-3145 affects libvips

7.8 CVSS, 4.9 AI score, 0.00184 EPSS
Exploits: 1, References: 7, Affected Software: 1
OSV
added 2026/02/25 1:16 a.m., 6 views

CVE-2026-3135

A weakness has been identified in itsourcecode News Portal Project 1.0. The impacted element is an unknown function of the file /admin/add-category.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been made...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 5
SUSE CVE
added 2026/02/25 12:24 a.m., 0 views

SUSE CVE-2026-25798

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted imag...

5.3 CVSS, 5.9 AI score, 0.00429 EPSS
Exploits: 0, References: 6
ATTACKERKB
added 2026/02/25 12:2 a.m., 4 views

CVE-2026-3135

A weakness has been identified in itsourcecode News Portal Project 1.0. The impacted element is an unknown function of the file /admin/add-category.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been made...

9.8 CVSS, 5.4 AI score, 0.00333 EPSS
Exploits: 1, References: 5, Affected Software: 1
Packet Storm News
added 2026/02/25 12:0 a.m., 3 views

Predicting Known Vulnerabilities from Attack Descriptions Using Sentence Transformers

Modern infrastructures rely on software systems that remain vulnerable to cyberattacks. These attacks frequently exploit vulnerabilities documented in repositories such as MITRE's Common Vulnerabilities and Exposures CVE. However, Cyber Threat Intelligence resources, including MITRE ATT&CK and CV...

5.9 AI score
Exploits: 0
Vulnrichment
added 2026/02/25 12:0 a.m., 3 views

CVE-2026-26717

An issue in OpenFUN Richie LMS in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the sync_course_run_from_request function. This allows remote attackers to forge valid signatures and bypass authentication by measuring response...

5.5 AI score, 0.00376 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/02/25 12:0 a.m., 6 views

PT-2026-21958

Name of the Vulnerable Software and Affected Versions: OpenFUN Richie LMS (affected versions not specified). Description: The application uses a non-constant time comparison operator for HMAC signature verification within the sync_course_run_from_request function, located in...

4.8 CVSS, 5.9 AI score, 0.00376 EPSS
Exploits: 0, References: 9
Positive Technologies
added 2026/02/25 12:0 a.m., 9 views

PT-2026-21877

Name of the Vulnerable Software and Affected Versions: itsourcecode News Portal Project version 1.0. Description: A SQL injection issue exists due to the improper handling of the pagetitle argument in the processing of the /admin/contactus.php file. This allows for remote attacks. The exploit has be...

9.8 CVSS, 7 AI score, 0.00371 EPSS
Exploits: 1, References: 11
CVE
added 2026/02/25 12:0 a.m., 12 views

CVE-2026-26717

OpenFUN Richie (LMS) is affected. The issue is in src/richie/apps/courses/api.py: sync_course_run_from_request uses a non-constant time == operator for HMAC signature verification, enabling timing-based forgery of valid signatures and authentication bypass. Documented in Red Hat/Snyk advisories w...

4.8 CVSS, 5.5 AI score, 0.00376 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/02/25 12:0 a.m., 8 views

PT-2026-21963

Name of the Vulnerable Software and Affected Versions: Chia Blockchain version 2.1.0. Description: A cross-site request forgery condition exists in Chia Blockchain version 2.1.0. The issue is related to an unknown function within the /send transaction file. The attack can be performed remotely and...

3.1 CVSS, 3.9 AI score, 0.00173 EPSS
Exploits: 1, References: 6
ATTACKERKB
added 2026/02/25 12:0 a.m., 4 views

CVE-2026-26717

An issue in OpenFUN Richie LMS in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the sync_course_run_from_request function. This allows remote attackers to forge valid signatures and bypass authentication by measuring response...

4.8 CVSS, 5.5 AI score, 0.00376 EPSS
Exploits: 0, References: 4
CNNVD
added 2026/02/25 12:0 a.m., 8 views

Richie Security Vulnerability

Richie is an open-source educational content management system developed by France Université Numérique. Richie has a security vulnerability. This vulnerability stems from the use of the non-constant time == operator in the sync_course_run_from_request function for HMAC signature verification. This...

4.8 CVSS, 5.8 AI score, 0.00376 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2026/02/24 11:32 p.m., 4 views

CVE-2026-3134 itsourcecode News Portal Project edit-category.php sql injection

A security flaw has been discovered in itsourcecode News Portal Project 1.0. The affected element is an unknown function of the file /newsportal/admin/edit-category.php. The manipulation of the argument Category results in sql injection. The attack may be performed from remote. The exploit has be...

7.5 CVSS, 6.8 AI score, 0.00326 EPSS
Exploits: 1, References: 5
RedhatCVE
added 2026/02/24 10:25 p.m., 7 views

CVE-2026-3015

A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/formPolicyRouteConf. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclose...

9 CVSS, 6 AI score, 0.00815 EPSS
Exploits: 1, References: 1
NVD
added 2026/02/24 9:16 p.m., 10 views

CVE-2026-24443

EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker...

8.8 CVSS, 0.00463 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/02/24 9:5 p.m., 6 views

CVE-2026-25882 Fiber has a Denial of Service Vulnerability via Route Parameter Overflow

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...

6.9 CVSS, 5.6 AI score, 0.00594 EPSS
Exploits: 1, References: 4
NVD
added 2026/02/24 8:27 p.m., 10 views

CVE-2026-23858

Dell Wyse Management Suite, versions prior to WMS 5.5, contain an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script Injection...

5.4 CVSS, 0.00183 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/02/24 8:14 p.m., 3 views

CVE-2026-24443

EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker...

8.8 CVSS, 5.9 AI score, 0.00463 EPSS
Exploits: 0, References: 3