18345 matches found

ATTACKERKB
added 2026/05/27 12:0 a.m., 7 views

CVE-2026-38807

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component...

5.8 AI score, 0.00087 EPSS
Exploits 0, References 2
Vulnrichment
added 2026/05/27 12:0 a.m., 8 views

CVE-2026-38807

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component...

5.8 AI score, 0.00087 EPSS
Exploits 0, References 1
CNNVD
added 2026/05/27 12:0 a.m., 5 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a failure in the spisetup function during spi device registration, resulting in the controller...

5.8 AI score, 0.00024 EPSS
Exploits 0, References 5
CNNVD
added 2026/05/27 12:0 a.m., 6 views

IBM Controller trust management vulnerability

IBM Controller is a web-based financial consolidation tool developed by the American multinational company International Business Machines IBM. Versions 11.0.1, 11.1.0, 11.1.1, and 11.1.2 of IBM Controller contain vulnerabilities related to trust management. These vulnerabilities stem from the us...

8.8 CVSS, 5.9 AI score, 0.00038 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/05/27 12:0 a.m., 7 views

PT-2026-44013

Name of the Vulnerable Software and Affected Versions: Jenkins Email Extension Plugin versions prior to 1933.v45cec755423f. Description: The plugin allows inlining images as base64 in email content by setting the data-inline attribute. Because there are no restrictions on the image URLs that can be...

8.8 CVSS, 5.9 AI score, 0.00444 EPSS
Exploits 0, References 4
Positive Technologies
added 2026/05/27 12:0 a.m., 8 views

PT-2026-43863

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free issue exists in the SPI subsystem of the Linux kernel. The subsystem frees the controller and any allocated driver data during deregistration, unless the allocation is...

9.8 CVSS, 5.8 AI score, 0.00254 EPSS
Exploits 12, References 282
Vulnrichment
added 2026/05/26 8:15 p.m., 6 views

CVE-2026-9580 JeecgBoot selectDepart LoginController.selectDepart access control

A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and m...

7.5 CVSS, 6.7 AI score, 0.00059 EPSS
Exploits 0, References 7
RedHat Linux
added 2026/05/26 6:6 a.m., 6 views

kernel: can: raw: fix ro->uniq use-after-free in raw_rcv()

A flaw was found in the Linux kernel's Controller Area Network CAN raw socket implementation. A use-after-free vulnerability can occur due to a timing window during the unregistration of CAN receive filters, allowing a freed memory region to be accessed. This could lead to system instability or a...

7.8 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits 0, References 5
CVE
added 2026/05/26 12:30 a.m., 10 views

CVE-2026-9518

The vulnerability CVE-2026-9518 affects hemant6488’s CodeIgniter-StudentManagementSystem, specifically the Students Controller function addStudent in view_students.php. The issue is cross site scripting caused by manipulating the Name argument, enabling remote exploitation. Documents indicate the...

5.3 CVSS, 4.2 AI score, 0.00035 EPSS
Exploits 0, References 5
CNNVD
added 2026/05/26 12:0 a.m., 6 views

Snipe-IT security vulnerability

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the API controller, which only removed the superuser key from the permission array, potentially...

8.8 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits 0, References 3
CNNVD
added 2026/05/26 12:0 a.m., 6 views

kavita access control error vulnerability

Kavita is a fast and feature-rich cross-platform reading server developed by Kavita OpenSource. Versions of Kavita prior to 0.9.0 contained an access control vulnerability. This vulnerability stemmed from the ReaderController.GetImage endpoint, which allowed completely unauthenticated access,...

6.9 CVSS, 5.8 AI score, 0.00088 EPSS
Exploits 0, References 2
OSV
added 2026/05/26 12:0 a.m., 2 views

UBUNTU-CVE-2026-3238

Denial of service against AD DC WINS server...

5.8 AI score
Exploits 0, References 3
CNNVD
added 2026/05/26 12:0 a.m., 8 views

Student Management System code injection vulnerability

Student Management System is a student management system developed by Krishanmurariji. There is a code injection vulnerability in Student Management System. This vulnerability stems from improper handling of the Name parameter in the addStudent function of the Students Controller component, which...

5.3 CVSS, 5.7 AI score, 0.00035 EPSS
Exploits 0, References 6
UbuntuCve
added 2026/05/26 12:0 a.m., 6 views

CVE-2026-3238

Denial of service against AD DC WINS server...

5.8 AI score
Exploits 0, References 2
Packet Storm News
added 2026/05/25 12:0 a.m., 9 views

FuzzPilot: Plateau-Triggered Recipe Validation for Structured Text Fuzzing

FuzzPilot is a controller for AFL++ that moves expensive reasoning out of the mutation hot path. When coverage plateaus, it snapshots the corpus, prepares candidate mutation recipes, evaluates them in short isolated AFL++ micro-campaigns, and promotes only recipes with positive validation reward...

5.8 AI score
Exploits 0
Wolfi
added 2026/05/22 7:48 p.m., 16 views

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: helm-push, helm-operator, docker-cli-buildx, kots, skaffold, eksctl, spegel, dagger, opa-envoy, envoy-gateway, newrelic-infrastructure-agent, headlamp, cluster-api-helm-controller, kubescape, k8sgpt, grype, kargo, containerd, syft, opa, helm-mapkubeapis, k3s,...

5.4 AI score
Exploits 1
Wolfi
added 2026/05/22 7:48 p.m., 15 views

GHSA-FQW6-GF59-QR4W vulnerabilities

Vulnerabilities for packages: helm-push, helm-operator, docker-cli-buildx, kots, skaffold, eksctl, spegel, dagger, opa-envoy, envoy-gateway, newrelic-infrastructure-agent, headlamp, cluster-api-helm-controller, kubescape, k8sgpt, grype, kargo, containerd, syft, opa, helm-mapkubeapis, k3s,...

5.4 AI score
Exploits 0
Chainguard
added 2026/05/22 7:17 p.m., 7 views

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: trivy, kubescape, cluster-api-helm-controller, helm-mapkubeapis, amazon-ecs-agent, grype-fips, opa, gitlab-rails-ce-fips, fuse-overlayfs-snapshotter, k8sgpt, grype, steampipe, buildkitd, spegel-fips, kube-mgmt-fips, cloudbeat-fips, packer-fips, envoy-gateway-fips,...

5.4 AI score
Exploits 1
EUVD
added 2026/05/22 12:31 a.m., 5 views

EUVD-2026-31369

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file star. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Dror...

2.3 CVSS, 5.8 AI score, 0.00019 EPSS
Exploits 0, References 2
CVE
added 2026/05/21 9:17 p.m., 10 views

CVE-2026-7882

Summary: Concrete CMS 9.5.0 and earlier is vulnerable to unauthorized file deletion due to an inverted CSRF token check in the DeleteFile controller. The code treats a valid token as an error and proceeds with deletion when the token is invalid or missing, effectively disabling CSRF protection fo...

4.3 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits 0, References 1, Affected Software 1