34 matches found
CVE-2026-50590
In Mimecast Incydr before 2.6.0, arbitrary file access can occur...
EUVD-2026-34777
In Mimecast Incydr before 2.6.0, arbitrary file access can occur...
CVE-2026-25118 immich-server: Insecure Transmission of Authentication Credentials via Password Parameter in HTTP Request Query String When Accessing Shared Albums
immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...
CVE-2026-28503 Tandoor Recipes has Cross-Space IDOR in SyncViewSet.query_synced_folder: missing space scoping on get_object_or_404
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the SyncViewSet.query_synced_folder action in cookbook/views/api.py line 903 fetches a Sync object using get_object_or_404(Sync, pk=pk) without including space=request.space i...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pip (UTSA-2026-006147)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006147 advisory. urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded...
CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2025-66471)
The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-66471 advisory. - urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior t...
PT-2026-3323
Name of the Vulnerable Software and Affected Versions: Modular DS versions 2.5.2 through 2.5.9 Description: An incorrect privilege assignment exists in the Modular DS modular-connector component, potentially allowing for privilege escalation. The issue allows an attacker to gain elevated privileges...
UBUNTU-CVE-2025-66471
urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than...
EUVD-2025-93477
Buffer overflow for some Intel(R) QAT Windows software before version 2.6.0 within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via...
CVE-2025-27713
Out-of-bounds write for some Intel(R) QAT Windows software before version 2.6.0 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may...
Intel QAT Code Issue Vulnerability
Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. A code issue vulnerability exists in Intel QAT Windows software that originates from an improper conditi...
PT-2025-46391
Name of the Vulnerable Software and Affected Versions: Intel(R) QAT Windows software versions prior to 2.6.0 Description: A buffer overflow issue exists in some Intel(R) QAT Windows software. This flaw may allow an attacker with local access to escalate privileges. The attack requires an authenticated...
PT-2025-46432
Name of the Vulnerable Software and Affected Versions: Intel(R) QAT Windows software versions prior to 2.6.0 Description: A buffer overflow issue exists in some Intel(R) QAT Windows software. This can potentially allow a denial of service. A system software adversary with an authenticated user and a lo...
CVE-2023-52309 Heap buffer overflow in paddle.repeat_interleave
Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible...
CVE-2023-52307 Stack overflow in paddle.linalg.lu_unpack
Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage...
CVE-2023-52303 Segfault in paddle.put_along_axis
Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service...
PT-2024-14520 · Unknown · Paddlepaddle
Name of the Vulnerable Software and Affected Versions: PaddlePaddle versions prior to 2.6.0 Description: The issue is related to a flaw in paddle.argmin and paddle.argmax that can cause a runtime crash and a denial of service. This flaw can lead to a denial of service. Recommendations: For versio...
PT-2024-14510 · Unknown · Paddlepaddle
Name of the Vulnerable Software and Affected Versions: PaddlePaddle versions prior to 2.6.0 Description: The issue is related to a nullptr in paddle.put_along_axis in PaddlePaddle, which can cause a runtime crash and a denial of service. Recommendations: For versions prior to 2.6.0, update to...
Resque Cross-Site Scripting Vulnerability
Resque is a Redis-powered library open-sourced by Resque for creating background jobs, placing them on multiple queues and processing them later. A cross-site scripting vulnerability exists in versions of Resque prior to 2.6.0, which stems from vulnerability to reflective cross-site scripting (XSS)...