CVE-2026-10273

Affected software: php-censor (up to 2.1.6). The vulnerability is in the Webhook Endpoint, specifically the file src/Model/Build/GitBuild.php, where manipulating the commitId argument can lead to operating system command injection. Impact is remote: attacker can exploit over the network. The expl...

CVE-2024-40646

Vertex is a management tool for PT (Private Tracker) users. CVE-2024-40646 describes a path traversal vulnerability in Vertex versions prior to commit fbde301b97986d5913fc4bc95f5445750d282e11. A patch is included in versions containing that commit; upgrading to that version mitigates the issue. C...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

A heap out-of-bounds write vulnerability in the Linux Kernel Performance Events perf component of the Linux kernel can be exploited to achieve local privilege escalation. If the perfreadgroup function is called when the siblinglist of an event is smaller than that of its child, it may increment o...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013247)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013247 advisory. Two memory leaks in the mwifiexpcieinitevtring function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a...

CVE-2026-40164

jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSO...

GHSA-XGF2-VXV2-RRMG OpenClaw's shell startup env injection bypasses system.run allowlist intent (RCE class)

Summary system.run environment sanitization allowed shell-startup env overrides HOME, ZDOTDIR that can execute attacker-controlled startup files before allowlist-evaluated command bodies. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.22 Technical Details In affected...

PT-2025-45586

A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated...

EUVD-2025-34813

An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file...

Linux Distros Unpatched Vulnerability : CVE-2023-46566

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c allows a remote attacker to cause a denial of service via the...

CVE-2025-5878

A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an exploit has been...

CVE-2025-5878 ESAPI esapi-java-legacy SQL Injection Defense Encoder.encodeForSQL special element

A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an exploit has been...

CVE-2024-4286

Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id 57984fa85c31988b2eff429adfc654c46e0c342a. The vulnerability arises from the application's handling of user modifications by...

CVE-2024-4286 Improper Neutralization of Special Elements in mintplex-labs/anything-llm

Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id 57984fa85c31988b2eff429adfc654c46e0c342a. The vulnerability arises from the application's handling of user modifications by...

PT-2024-13757 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo dev master commit 15fed957fb Description: An insufficient entropy issue exists in the userRecoverPass.php recoverPass generation functionality. This can be exploited by sending a specially crafted HTTP request, potentially leading...

GHSA-5W96-866F-6RM8 TensorFlow has Floating Point Exception in TFLite in conv kernel

Impact Constructing a tflite model with a paramater filterinputchannel of less than 1 gives a FPE. Patches We have patched the issue in GitHub commit 34f8368c535253f5c9cb3a303297743b62442aaa. The fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1. Fo...

GSD-2023-1002421 net: USB: Fix wrong-direction WARNING in plusb.c

net: USB: Fix wrong-direction WARNING in plusb.c This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.306 by commit...

CVE-2023-26033

Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects in user preferences the "Recently Visited Packages" view for the index page, the value of the searchhistory cookie is used as a...

Sql injection

Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects in user preferences the "Recently Visited Packages" view for the index page, the value of the searchhistory cookie is used as a...

Improper access control

Improper access control in the Crypto API Toolkit for IntelR SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access...

vSphere_selfuse 安全漏洞

vSphereselfuse is a vSphere automation attempt project by Henry Sun Personal Developer. A security vulnerability exists in vSphereselfuse commit number: 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749, which stems from the fact that it allows an attacker to execute a backdoor through the code of a reque...