Adobe Acrobat Reader 代码问题漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have code vulnerabilities. These vulnerabilities...

Adobe Campaign Classic 安全漏洞

Adobe Campaign Classic is a enterprise-level marketing automation and campaign management platform developed by Adobe Inc. Adobe Campaign Classic 7.4.3 build 9394 and earlier versions have a security vulnerability that stems from improper authorization, which may allow for the execution of...

Adobe Dreamweaver Desktop 缓冲区错误漏洞

Adobe Dreamweaver Desktop is a web design and development software provided by Adobe, a company based in America. Versions of Adobe Dreamweaver Desktop starting from 21.7 and earlier contain a buffer error vulnerability. This vulnerability stems from accessing uninitialized pointers, which may...

PT-2026-48269

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 and earlier ColdFusion versions 2025.8 and earlier Description An incorrect authorization flaw allows a high-privileged attacker to achieve arbitrary code execution in the context of the current user. This issue...

PT-2026-48271

Name of the Vulnerable Software and Affected Versions ColdFusion versions 2023.19 through 2025.8 ColdFusion versions prior to 2025.8 Description Improper input validation allows for arbitrary code execution in the context of the current user. This issue can be exploited without requiring any user...

The Clock Is Already Ticking: Why Post-Quantum Cryptography Can’t Wait

There is a question I have been hearing more and more from CISOs, compliance officers, and security architects over the past year. It does not start with "we had a breach" or "we failed an audit." It starts with something that sounds almost philosophical: " Are we quantum-safe?" A year ago, that...

CVE-2026-8327

Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. The user-profile edit controller passes the entire raw POST array to UserInfo::update without field whitelisting resulting in password change without requiring the current...

CVE-2026-34660

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially...

CVE-2026-44798

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the currenthead field on the record, which was not intended to be user-editable. Doing so could cause...

[slackware-security] libinput

New libinput packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libinput-1.31.3-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: libinput-device-group unescaped phys output can...

[slackware-security] net-tools

New net-tools packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/net-tools-201811030eebece-i586-4slack15.0.txz: Rebuilt. This update fixes a security issue: interface.c: Stack-based Buffer Overfl...

[slackware-security] tigervnc

New tigervnc packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/tigervnc/tigervnc-1.16.2-i586-3slack15.0.txz: Rebuilt. Patched with fixes for the following xorg-server security issues: Font Alias Stack-based...

[slackware-security] httpd

New httpd packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.67-i586-2slack15.0.txz: Rebuilt. This update fixes "HTTP/2 Bomb", a resource exhaustion denial-of-service attack against...

CVE-2026-46257

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when readcurrenttimer is called on ARM32 platforms where the SP804 is not registered as the schedclock. On SP804, the delay timer shares the same clkevt instance with schedclock. On so...

EUVD-2026-34112

In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, currentthreadinfo is defined as global register variable locating in $gp, and is simply assigned with new address during kernel relocation. This...

CVE-2026-10159 TRENDnet TEW-432BRP formSysLog stack-based overflow

A weakness has been identified in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSysLog of the file /goform/formSysLog. This manipulation of the argument currentpage causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been mad...

TRENDnet TEW-432BRP 安全漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by TRENDnet Corporation. Version 3.10B20 of TRENDnet TEW-432BRP has a security vulnerability. This vulnerability stems from an operation on the currentpage parameter in the formSysLog function located in the file/goform/formSysLog,...

GCVE: A Decentralized Model for Vulnerability Identification, Publication, and Operational Enrichment

The Global CVE initiative GCVE proposes a decentralized, open, and extensible model for vulnerability identification, publication, and enrichment. It addresses a gap in today's vulnerability ecosystem: centralized systems provide rigorous control and widely recognized identifiers, while many...

CVE-2026-49130

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

EUVD-2018-21908

HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module module=desa&act=hapus, while authenticated users can exploi...