
572 matches found

Positive Technologies
added 2026/04/03 12:0 a.m., 2 views

PT-2026-32572

Name of the Vulnerable Software and Affected Versions: Emissary versions prior to 8.42.0. Description: A framework-level defect in the Executrix.getCommand function allows for arbitrary OS command execution in the JVM security context. The issue occurs because the function constructs shell commands ...

CVSS 9.1, AI score 6, EPSS 0.00861
Exploits: 2, References: 14

CNNVD
added 2026/04/01 12:0 a.m., 1 views

Payload Authorization Issue Vulnerability

Payload is a headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Versions of Payload prior to 3.79.1 have a security vulnerability related to authorization processes. This vulnerability stems from defects in the password recovery mechanism, which may allow...

CVSS 9.1, AI score 5.8, EPSS 0.00306
Exploits: 0, References: 2

NVD
added 2026/03/31 11:17 p.m., 2 views

CVE-2026-34553

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a defect in LUT dump/iteration logic affecting CIccCLUT::Iterate and output produced by CIccMBB::Describe via CLUT dumping. This issue has been patched in version 2.3.1....

CVSS 4, EPSS 0.00159
Exploits: 1, References: 3

EUVD
added 2026/03/31 10:17 p.m., 2 views

EUVD-2026-17718

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a defect in LUT dump/iteration logic affecting CIccCLUT::Iterate and output produced by CIccMBB::Describe via CLUT dumping. This issue has been patched in version 2.3.1....

CVSS 4, AI score 5.8, EPSS 0.00159
Exploits: 1, References: 3

ATTACKERKB
added 2026/03/31 10:17 p.m., 2 views

CVE-2026-34553

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a defect in LUT dump/iteration logic affecting CIccCLUT::Iterate and output produced by CIccMBB::Describe via CLUT dumping. This issue has been patched in version 2.3.1....

CVSS 4, AI score 5.8, EPSS 0.00159
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2026/03/31 4:16 p.m., 3 views

CVE-2026-34218

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed MDM-delivered and user-defined...

CVSS 6.3, EPSS 0.00196
Exploits: 1, References: 3

Tenable Nessus
added 2026/03/28 12:0 a.m., 1 views

NewStart CGSL MAIN 7.02 : python3.11 Vulnerability (NS-SA-2026-0034)

The remote NewStart CGSL host, running version MAIN 7.02, has python3.11 packages installed that are affected by a vulnerability: - There is a defect in the CPython tarfile module affecting the TarFile extraction and entry enumeration APIs. The tar implementation would process tar archives with...

CVSS 7.5, AI score 6.9, EPSS 0.00586
Exploits: 0, References: 3

PyPA
added 2026/03/26 5:16 p.m., 11 views

PYSEC-2026-27

Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce a Windows MSI installer for a project, and that project is installed for All Users i.e., per-machine scope, th...

CVSS 7.3, AI score 5.8, EPSS 0.00132
Exploits: 0, References: 4, Affected Software: 1

CNNVD
added 2026/03/26 12:0 a.m., 6 views

Ory Kratos SQL Injection Vulnerability

Ory Kratos is an open-source system developed by Ory, designed with developers in mind, featuring strong security measures and proven reliability. Prior to version 26.2.0, Ory Kratos had a SQL injection vulnerability. This vulnerability stemmed from defects in the pagination implementation, which...

CVSS 7.2, AI score 6.4, EPSS 0.00252
Exploits: 0, References: 1

CNNVD
added 2026/03/26 12:0 a.m., 3 views

Ory Keto SQL Injection Vulnerability

Ory Keto is an open-source authorization server developed by Ory. Versions of Ory Keto prior to 26.2.0 contained a SQL injection vulnerability. This vulnerability stemmed from defects in the pagination implementation, which could lead to SQL injections...

CVSS 7.2, AI score 6.4, EPSS 0.00229
Exploits: 0, References: 1

CNNVD
added 2026/03/26 12:0 a.m., 3 views

Ory Hydra SQL Injection Vulnerability

Ory Hydra is an OpenID connection tool developed by Ory. Versions of Ory Hydra prior to 26.2.0 had a SQL injection vulnerability. This vulnerability stemmed from defects in the pagination implementation, which could lead to SQL injections...

CVSS 7.2, AI score 6.4, EPSS 0.00349
Exploits: 0, References: 1

CNNVD
added 2026/03/19 12:0 a.m., 5 views

DesDev DedeCMS Security Vulnerability

DesDev DedeCMS is an open-source content management system CMS developed by DesDev Corporation in China. It is built using PHP. This system offers functions such as content publishing, content management, content editing, and content retrieval. Versions of DesDev DedeCMS 5.7.118 and earlier conta...

CVSS 9.8, AI score 6, EPSS 0.0068
Exploits: 1, References: 2

GithubExploit
added 2026/03/12 11:2 a.m., 128 views

Exploit for CVE-2002-0526

Local Exploits Various local exploits CVE-2020-7247 root...

CVSS 10, AI score 6.4, EPSS 0.98972
Exploits: 76

Tenable Nessus
added 2026/03/06 12:0 a.m., 5 views

NewStart CGSL MAIN 6.06 (SP) : glibc Multiple Vulnerabilities (NS-SA-2026-0027)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has glibc packages installed that are affected by multiple vulnerabilities: - The mq_notify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object passed...

CVSS 9.8, AI score 6.7, EPSS 0.13614
Exploits: 24, References: 49

Debian CVE
added 2026/03/04 2:36 p.m., 5 views

CVE-2026-23235

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. For example: vm: echo 65537...

CVSS 7.1, AI score 5.5, EPSS 0.00156
Exploits: 0

Vulnrichment
added 2026/02/26 10:0 p.m., 2 views

CVE-2026-27835 wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data

wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, RepetitionsConfigViewSet and MaxRepetitionsConfigViewSet return all users' repetition config data because their get_queryset calls .all() instead of filtering by the authenticated user. Any registered user...

CVSS 4.3, AI score 5.8, EPSS 0.00257
Exploits: 1, References: 2

CNNVD
added 2026/02/24 12:0 a.m., 3 views

Statamic Authorization Issue Vulnerability

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows for storing all content, templates, assets, and settings in files rather than in a database. Versions of Statamic prior to 6.3.3 and 5.73.10 contained authorization vulnerabilities due to defects in the password...

CVSS 9.3, AI score 5.8, EPSS 0.00459
Exploits: 0, References: 6

CNNVD
added 2026/02/21 12:0 a.m., 4 views

Cloud Hypervisor Security Vulnerability

Cloud Hypervisor is a virtual machine monitor developed by Cloud Hypervisor Company, designed for modern cloud workloads. Versions 34.0 to 50.0 of Cloud Hypervisor contain security vulnerabilities. These vulnerabilities stem from defects in the virtio-block device supported by original images,...

CVSS 10, AI score 5.9, EPSS 0.005
Exploits: 1, References: 7

OSV
added 2026/02/20 2:21 p.m., 3 views

CLSA-2026-1771597308 Fix CVE(s): CVE-2025-15366

SECURITY UPDATE: defect in imaplib module, when passed a user-controlled command, commands can be injected using newlines - debian/patches/CVE-2025-15366.patch: Fix command injection by rejecting commands containing control characters - CVE-2025-15366...

CVSS 5.9, AI score 7.1, EPSS 0.00315
Exploits: 0, References: 1

CNNVD
added 2026/02/19 12:0 a.m., 4 views

rs-soroban-sdk Security Vulnerability

rs-soroban-sdk is a Rust development toolkit open source by Stellar. Versions of rs-soroban-sdk prior to 22.0.10, 23.5.2, and 25.1.1 have security vulnerabilities. These vulnerabilities stem from defects in the contractimpl macro when it is called during connection functions, which may lead to...

CVSS 7.5, AI score 5.8, EPSS 0.00317
Exploits: 1, References: 5