Lucene search

36 matches found

ATTACKERKB
added 2026/05/22 5:55 p.m. | 5 views

CVE-2026-39970

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload form. The application fails to sanitize or restrict SVG/XML-based uploads and directly renders them when accessed through the domain. By uploading ...

CVSS 8.5 | AI score 6 | EPSS 0.00356
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2026/05/21 5:10 p.m. | 29 views

CVE-2026-48225 Open ISES Tickets < 3.44.2 Reflected XSS via landb.php _type Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the type POST parameter directly into an HTML form hidden input value attribute. Attacker...

CVSS 5.4 | EPSS 0.00212
Exploits 0 | References 3
Vulnrichment
added 2026/05/13 5:30 p.m. | 6 views

CVE-2026-44003 vm2: Transformer Fast-Path Bypass Exposes Internal State Variable

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain catch, import, or async keywords. This fast-path bypass allows sandboxed code to directly access the internal...

CVSS 5.3 | AI score 5.8 | EPSS 0.00248
Exploits 1 | References 1
EUVD
added 2026/05/12 6:30 p.m. | 7 views

EUVD-2025-209795

Uncontrolled search path for some AI Playground software before version 3.0.0 alpha within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This...

CVSS 5.4 | AI score 5.7 | EPSS 0.00089
Exploits 0 | References 2
VulnCheck KEV
added 2026/05/04 12:0 a.m. | 7 views

VulnCheck KEV: CVE-2023-47783

Missing Authorization vulnerability in Thrive Themes Thrive Theme Builder. This issue affects Thrive Theme Builder: from n/a before 3.24.0...

CVSS 8.3 | AI score 7.3 | EPSS 0.00356
In wild | Exploits 0 | References 2
CNNVD
added 2026/04/29 12:0 a.m. | 5 views

UTT HiPER 1250GW Buffer Error Vulnerability

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained a buffer overflow vulnerability. This vulnerability stemmed from an operation involving the parameter “Profile” in the function strcpy within the file...

CVSS 9 | AI score 7.8 | EPSS 0.00544
Exploits 0 | References 1
Tenable Nessus
added 2026/04/03 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-34517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire...

CVSS 6.9 | AI score 5.4 | EPSS 0.00384
Exploits 0 | References 3
Cvelist
added 2026/03/10 12:39 p.m. | 31 views

CVE-2026-2339 RCE in TUBITAK BILGEM's Liderahenk

Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection. This issue affects Liderahenk: before 3.5.1...

CVSS 7.5 | EPSS 0.0081
Exploits 0 | References 2
CVE
added 2025/12/23 12:0 a.m. | 11 views

CVE-2025-67111

Vulnerability summary: CVE-2025-67111 affects OpenDDS DDS prior to 3.33.0. The issue is an integer overflow in the RTPS protocol implementation, enabling a Denial of Service via a crafted message. What’s affected: OpenDDS DDS (RTPS protocol implementation) before v3.33.0. Impact (as stated): Deni...

CVSS 7.5 | AI score 6.6 | EPSS 0.00297
Exploits 0 | References 2 | Affected Software 1
RedhatCVE
added 2025/11/07 1:46 p.m. | 1 view

CVE-2025-64322

Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files. This issue affects Agentforce Vibes Extension: before 3.3.0...

CVSS 5.3 | AI score 7 | EPSS 0.00183
Exploits 0 | References 1
CNNVD
added 2025/10/14 12:0 a.m. | 2 views

Siemens SiPass integrated Security Vulnerability

Siemens SiPass Integrated is a powerful and extremely flexible access control system from Siemens, Germany. A security vulnerability exists in Siemens SiPass integrated prior to version V3.0, which stems from improper access control and could allow an attacker to manipulate other users' data...

CVSS 5.3 | AI score 6.4 | EPSS 0.00178
Exploits 0 | References 1
EUVD
added 2025/10/07 12:31 p.m. | 2 views

EUVD-2025-32708

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Callvision Healthcare Callvision Emergency Code allows SQL Injection, Blind SQL Injection. This issue affects Callvision Emergency Code: before V3.0...

CVSS 9.8 | AI score 7.3 | EPSS 0.0032
Exploits 0 | References 2
NVD
added 2025/10/07 12:15 p.m. | 3 views

CVE-2025-0603

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Callvision Healthcare Callvision Emergency Code allows SQL Injection, Blind SQL Injection. This issue affects Callvision Emergency Code: before V3.0...

CVSS 9.8 | EPSS 0.0032
Exploits 0 | References 2
Cvelist
added 2025/10/07 11:43 a.m. | 8 views

CVE-2025-0603 SQLi in Callvision Healthcare's Callvision Emergency Code

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Callvision Healthcare Callvision Emergency Code allows SQL Injection, Blind SQL Injection. This issue affects Callvision Emergency Code: before V3.0...

CVSS 9.8 | EPSS 0.0032
Exploits 0 | References 2
Cvelist
added 2025/08/20 8:36 a.m. | 10 views

CVE-2025-9229 Information Disclosure in MiR robots and MiR fleet through verbose error pages

Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages...

CVSS 5.3 | EPSS 0.00266
Exploits 0 | References 2
CVE
added 2025/08/08 11:9 a.m. | 12 views

CVE-2025-8748

MiR software versions prior to 3.0.0 are affected by a command injection vulnerability that allows an authenticated user to execute arbitrary OS commands via a crafted HTTP request. Affected product: MiR robots software. Root cause: inadequate input handling in HTTP request processing leading to ...

CVSS 8.8 | AI score 7.2 | EPSS 0.0132
Exploits 0 | References 2
CNNVD
added 2025/03/28 12:0 a.m. | 2 views

appleple a-blog cms Code Issue Vulnerability

appleple a-blog cms is a content management system from appleple. A code issue vulnerability exists in versions of appleple a-blog cms prior to Ver.3.1.37, which stems from improper handling of deserialization of untrustworthy data, which could lead to the execution of arbitrary script...

CVSS 7.5 | AI score 7.7 | EPSS 0.00456
Exploits 0 | References 4
AstraLinux
added 2025/02/11 7:35 a.m. | 1 view

Astra Linux – Vulnerability in Jinja2

Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allowed an attacker who controlled both the content and the filename of a template to execute arbitrary Python code, regardless of whether Jinja’s sandbox was used. To exploit this...

CVSS 8.8 | AI score 7.2 | EPSS 0.00298
Exploits 0 | References 3
CNNVD
added 2024/10/28 12:0 a.m. | 2 views

REXML Security Vulnerability

REXML is an open source XML toolkit for Ruby. A security vulnerability exists in REXML versions prior to 3.3.9, which stems from a vulnerability to a regular expression denial of service attack when parsing XML referenced by hexadecimal numeric characters containing a large number of digits...

CVSS 8.7 | AI score 6.8 | EPSS 0.01429
Exploits 0 | References 5
OSV
added 2024/10/09 11:15 p.m. | 1 view

CVE-2024-8264

Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled...

CVSS 5.5 | AI score 5.8 | EPSS 0.0018
Exploits 0 | References 2