PT-2026-45550

A vulnerability has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this issue is the function KanbanScrumHelper::recordUpdated of the file app/Helpers/KanbanScrumHelper.php of the component Ticket Handler. The manipulation leads to improper authorization. The attack i...

FastGPT 安全漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.15.0-beta1 contained a security vulnerability. This vulnerability stemmed from the JavaScript sandbox worker’s use of regular expressions. It test...

Adobe Commerce 安全漏洞

Adobe Commerce is a leading global digital business solution for businesses and brands offered by Adobe in the United States. There is a security vulnerability in Adobe Commerce, which stems from improper authorization. This vulnerability may allow security features to be bypassed, enabling...

CVE-2026-33951 signalk-server: Unauthenticated Source Priorities Manipulation

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT...

PT-2026-29797

Summary The SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT /signalk/v1/api/sourcePriorities, does not enforce authentication or authorization checks and directly assigns...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +10 more potentially affected by CVE-2026-35663 via openclaw (>=2026.3.22 <=2026.3.24)

openclaw NPM version =2026.3.22, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.15.0 Source cves: CVE-2026-35663 Source advisory: SNYK:JS-OPENCLAW-15797938...

CVE-2026-4175

A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an unknown function of the file plugins/webkul/chatter/resources/views/filament/infolists/components/messages/content-text-entry.blade.php of the component Chatter Message Handler. Executing a manipulation of...

CVE-2026-1106 Chamilo LMS Legal Consent SocialController.php deleteLegal improper authorization

A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in improper authorization...

CVE-2025-66308 Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]`

This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a Stored Cross-Site Scripting XSS vulnerability was identified in the /admin/config/site endpoint of the Grav application. This...

ZenTao多款产品 安全漏洞

ZenTao Biz and others are a project management software from the Chinese company ZenTao. A security vulnerability exists in several ZenTao products, which stems from insufficient validation of the parameter account in the file /zentao/user-login.html, which could lead to an SQL injection attack...

SuiteCRM 安全漏洞

SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM versions 7.14.7 and earlier and 8.0.0-beta.1 through 8.9.0, which stems from a user session not being disabled when the account is deactivated, which could result in elevated...

CVE-2025-10751 MacForge 1.2.0 Beta 1 - Local Privilege Escalation

MacForge contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects MacForge: 1.2.0 Beta 1...

UBUNTU-CVE-2025-53538

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions 7.0.10 and below and 8.0.0-beta1 through 8.0.0-rc1, mishandling of data on HTTP2 stream 0 can lead to uncontrolled memory usage, leading to loss of...

Zulip 跨站脚本漏洞

Zulip is a powerful open source group chat application from Zulip, Inc. for combining the immediacy of real-time chat with the productivity benefits of threaded conversations. A security vulnerability exists in Zulip version 7.0-beta1, 7.0-beta2, which stems from a problem with the tooltip of the...

PT-2023-24203 · Unknown · Zulip Server

Name of the Vulnerable Software and Affected Versions: Zulip Server versions 7.0-beta1 through 7.0-beta2 and the main development branch from May 2, 2023 and later Description: The issue is related to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send...

kubernetes-client: Insecure deserialization in unmarshalYaml method

A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML...

SUSE CVE-2010-3399

The jsInitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess th...

kubernetes-client: Insecure deserialization in unmarshalYaml method

A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML...

PT-2021-10508 · Baigo Cms · Baigo Cms

Name of the Vulnerable Software and Affected Versions: baigo CMS version 4.0-beta-1 Description: A cross-site scripting issue allows attackers to execute arbitrary web scripts or HTML via the post parameter to the "/public/console/profile/info-submit/" API endpoint. Recommendations: For baigo CMS...

Cross-site Scripting (XSS)

Overview org.jboss.resteasy:resteasy-jaxrs is a JCP specification that provides a Java API for RESTful Web Services over the HTTP protocol. Affected versions of this package are vulnerable to Cross-site Scripting XSS. It did not properly handle URL encoding when the RESTEASY003870 exception occur...