CVE-2024-41112
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in pages/1_📷_Timelapse.py takes user input, which is later used in the eval function on line 380, leading to remote code execution. Commit...
CVE-2024-41117
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the vis_params variable on line 115 in pages/10_🌍_Earth_Engine_Datasets.py takes user input, which is later used in the eval function on line 126, leading to remote...
CVE-2026-21851 MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's _download_from_ngc_private function. The function uses zipfile.ZipFile.extractall without path validation, while other similar...
CVE-2026-21854
CVE-2026-21854 affects the Tarkov Data Manager. The vulnerability is an authentication bypass in the login endpoint, enabling unauthenticated access to the admin panel via a JavaScript prototype property access vulnerability combined with loose equality type coercion. Affected are versions prior ...
PT-2026-2159
Name of the Vulnerable Software and Affected Versions: OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14. Description: The software contains a heap buffer underflow in the readline function of mdb_load. Processing malformed input with an embedded NUL byte can cause a...
PT-2026-2104
Name of the Vulnerable Software and Affected Versions: Tarkov Data Manager versions prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8. Description: The Tarkov Data Manager is a tool used to manage Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time-based blind S...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000393)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000393 advisory. Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more th...
SUSE CVE-2025-67269
An integer underflow vulnerability exists in the nextstate function in gpsd/packet.c of gpsd versions prior to commit ffa1d6f40bca0b035fc7f5e563160ebb67199da7. When parsing a NAVCOM packet, the payload length is calculated using lexer->length = (size_t)c - 4 without checking if the input byte c is le...
CVE-2026-21484
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...
CVE-2026-21484 AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling...
Exploit for Out-of-bounds Write in Google Chrome
CVE-2025-14174 Analysis: ANGLE Metal Staging Buffer Out-of-Bou...
CVE-2025-67268
gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview...
PT-2026-6123
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a deadlock issue involving NFSv4.1 state recovery. The deadlock occurs when kthreadd attempts to reclaim memory by calling the nfs_release_folio function, which...
CVE-2025-34468
libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentiall...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993031)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993031 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: unset reloc control if transaction commit fails in prepare_to_relocate In...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992944)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992944 advisory. In the Linux kernel, the following vulnerability has been resolved: jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted Following process will...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992758)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992758 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream This commit address...
EUVD-2023-60422
In the Linux kernel, the following vulnerability has been resolved: Revert "IB/isert: Fix incorrect release of isert connection" Commit: 699826f4e30a "IB/isert: Fix incorrect release of isert connection" is causing problems on OPA when DEVICE_REMOVAL is happening. ------------ cut here -----------...