[SECURITY] Fedora 44 Update: rust-sequoia-git-0.6.0-2.fc44

A tool for managing and enforcing a commit signing policy...

CVE-2026-37430

An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2024-55045

Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the taskmavobcentry function at /comm/taskcomm.c...

CVE-2026-41576

Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible no authentication required. User-supplied message text is passed through PHP's nl2br function, which converts newlines to tags but does not escape HTML. The resulting string is then passed to a Blade...

EUVD-2024-55580

Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the taskmavobcentry function at /comm/taskcomm.c...

CVE-2026-37430

An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...

BIT-MONGODB-2025-14345 Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server

A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction...

CVE-2024-55045

CVE-2024-55045 concerns Firmament-Autopilot’s FMT-Firmware. A buffer overflow is triggered by the function task_mavobc_entry in /comm/task_comm.c due to commit de5aec . This CVE entry, documented across multiple sources, identifies a potential network-accessible issue with low to moderate impact ...

CVE-2024-55045

Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the taskmavobcentry function at /comm/taskcomm.c...

CVE-2026-37430

An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2026-37430

The vulnerability CVE-2026-37430 affects the qihang-wms project, specifically the ShopOrderImportController.java component (commit 75c15a). An arbitrary file upload flaw allows an attacker to execute arbitrary code by uploading a crafted file. The reported CVSS v3.1 base score is 7.3 (HIGH) with ...

CVE-2025-28344

CVE-2025-28344 affects striso-control-firmware version 54c9722 . The vulnerability is a buffer overflow in the function AuxJack that can impact availability. CVSS:3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (base score 7.5, HIGH). Connected entries (EUVD-2025-209826, NVD, CVE record e...

PT-2026-40629

Name of the Vulnerable Software and Affected Versions Firmament-Autopilot FMT-Firmware commit de5aec Description A buffer overflow exists in the task mavobc entry function located at /comm/task comm.c. A buffer overflow occurs when a program writes more data to a block of memory, or buffer, than ...

PT-2026-40606

An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2026-37430

An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...

Code-Centric Detection of Vulnerability-Fixing Commits: A Unified Benchmark and Empirical Study

Automated detection of vulnerability-fixing commits VFCs is critical for timely security patch deployment, as advisory databases lag patch releases by a median of 25 days and many fixes never receive advisories. We present a comprehensive evaluation of code language model based VFC detection...

CVE-2026-37428

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...

CVE-2026-37430

An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2026-42046

libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write heap overflow by supplying a crafted file in the "caca" format. Depending on the build...

CVE-2026-45222

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...