117 matches found
CVE-2026-46383
Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by apm install on supported Python 3.10 and 3.11 runtimes. When apm install is given a...
CVE-2026-40300
Zulip is an open-source team collaboration tool. Prior to 12.0, with message_edit_history_visibility_policy set to "moves", /api/v1/messages/id/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This...
CVE-2026-3692
In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended commands being executed on the server...
CVE-2025-13774 SQL injection leading to privilege escalation in Progress Flowmon ADS
A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands...
HarfBuzz Security Vulnerability
HarfBuzz is an open-source text engine for OpenType fonts. HarfBuzz versions before 12.3.0 have a security vulnerability that stems from the SubtableUnicodesCache::create function not checking the hb_malloc return value, which may lead to null pointer dereferencing and...
CVE-2018-4399
An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5...
CVE-2025-68915
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...
PT-2025-48987
A buffer overflow was found in SmallBASIC community SmallBASIC with SDL before v12 28, and commit sha:298a1d495355959db36451e90a0ac74bcc5593fe in the function main.cpp, which can lead to potential information leakage and crash...
CVE-2025-50361
A buffer overflow was found in SmallBASIC community SmallBASIC with SDL before v1228, and commit sha:298a1d495355959db36451e90a0ac74bcc5593fe in the function main.cpp, which can lead to potential information leakage and crash...
CVE-2025-54315
The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness...
KEYENCE KV STUDIO Security Vulnerability
KEYENCE KV STUDIO is PLC programming and debugging software from KEYENCE of Japan. A security vulnerability exists in KEYENCE KV STUDIO version 12.23 and earlier, which originates from a buffer overflow and could lead to the execution of arbitrary code...
CVE-2025-54315
The CVE-2025-54315 issue affects the Matrix protocol: prior to matrix 1.16 (room version
BIT-MONGODB-2025-10060 MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation
MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be triggered by improper WriteUnitOfWork state management. This issue affects MongoDB Server v6.0...
Linux Distros Unpatched Vulnerability : CVE-2015-5791
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service...
PT-2025-36382
Name of the Vulnerable Software and Affected Versions: versions prior to 12.0 Hotfix 91155 Description: Improper restriction of operations in the IOMMU could allow a malicious hypervisor to access guest private memory, resulting in a loss of integrity. Recommendations: At the moment, there is no...
CVE-2025-48921
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery. This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13...
PT-2024-15347 · Nvidia +1 · Nvidia Cuda Toolkit +1
Name of the Vulnerable Software and Affected Versions: NVIDIA CUDA Toolkit versions prior to 12.6 Description: The issue is related to a command cuobjdump in NVIDIA CUDA Toolkit, where passing a malformed ELF file can cause a crash. This can lead to an out of bounds read in the unprivileged proce...
CVE-2024-22102
Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error...
CVE-2023-47788
Missing Authorization vulnerability in Automattic Jetpack. This issue affects Jetpack: from n/a before 12.7...