CVE-2026-3495

CVE-2026-3495 affects Mattermost versions 11.5.x up to 11.5.1 and 10.11.x up to 10.11.13. The root cause is failure to escape certain variables during error page composition, enabling an attacker with access to edit site configuration to inject JavaScript and execute malicious code. The connected...

EUVD-2026-30742

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those...

CVE-2026-3495

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those...

@ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue

A vulnerability was determined in Vercel AI up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

CVE-2025-56352

CVE-2025-56352 affects the tinyMQTT broker. When processing a CONNECT packet with a zero-length Client ID and CleanSession=0, the broker returns CONNACK 0x02 (Identifier Rejected) but fails to explicitly close the TCP connection, leaving the socket open. Repeated invalid CONNECT attempts can exha...

Mattermost 跨站脚本漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series as well as 10.11.13 and earlier 10.11.x series have a cross-site scripting vulnerability. This vulnerability arises from variables that...

PT-2026-41641

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those...

amf 缓冲区错误漏洞

AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain a buffer error vulnerability. This vulnerability arises from the operation of the NGSetupRequest function in the ngap/handler.go file, which leads to memory corrupti...

amf 缓冲区错误漏洞

AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain a buffer error vulnerability. This vulnerability stems from unknown functions in the ngap/dispatcher.go file within the NGAP Message Handler component, which can lea...

PT-2026-41779

Name of the Vulnerable Software and Affected Versions NiceGUI versions prior to 3.12.0 Description Two FastAPI routes used for serving per-component static assets accept a sub-path parameter that can resolve to a directory instead of a file. When a request resolves to a directory, it triggers an...

PT-2026-41686

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A malicious input file can cause an out-of-bounds read of a single byte when writing an IPTC output file. An out-of-bounds read occurs when a program reads data...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: undertow (UTSA-2026-021479)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021479 advisory. A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames can cause an OutOfMemoryError when the client sends a reque...

NetBSD 输入验证错误漏洞

NetBSD is an open-source Unix-like operating system developed by the NetBSD Foundation. Prior to version ec8451, there was a vulnerability related to input validation. This vulnerability stemmed from the fact that the local variable iovlen was declared as a signed integer in the cryptodevop...

PT-2026-41800

Name of the Vulnerable Software and Affected Versions iskorotkov/avro versions prior to 2.33.0 github.com/hamba/avro/v2 versions prior to 2.32.0 Description Remote, unauthenticated denial-of-service occurs due to CPU exhaustion in the Avro array and map decoders. The issue arises because the...

Alibaba Cloud Linux 3 : 0113: python3 (ALINUX3-SA-2026:0113)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0113 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-4786: Mitgation ofCVE-2026-4519 w...

CVE-2026-8769

CVE-2026-8769 affects vercel ai up to 3.0.97, specifically the provider-utils file response-handler.ts (functions createJsonResponseHandler and createJsonErrorResponseHandler). The issue enables resource consumption that can be triggered remotely; exploit publicly disclosed. Details on affected v...

[SECURITY] [DSA 6279-1] redis security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6279-1 [email protected] https://www.debian.org/security/ Aron Xu May 17, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------...

CVE-2026-8738

Sanluan PublicCMS 5.202506.d contains a vulnerability affecting the Trade payment flow. Specifically, the methods TradeOrderController.pay, TradePaymentController.pay, and AccountGatewayComponent.pay in the publiccms-trade module are affected, with the root cause described as a business logic man...

Debian dsa-6279 : redis - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6279 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6279-1 [email protected]...

PT-2026-41524

A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeOrderController.java of the...