CVE-2026-26378

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...

Synology Hyper Backup Explorer 安全漏洞

Synology Hyper Backup Explorer is a backup file viewing tool developed by Synology, a Chinese company, for browsing, retrieving, and restoring backup version data. Versions of Synology Hyper Backup Explorer prior to 3.0.1-0156 contained security vulnerabilities. These vulnerabilities stemmed from...

Moonshot AI Kimi AI 安全漏洞

Moonshot AI Kimi AI is an artificial intelligence assistant developed by the company Moonshot AI. It features long-text comprehension, multi-modal interaction, intelligent search capabilities, and agent functions. Version 1.0 of Moonshot AI Kimi AI contains a security vulnerability. This...

Koha 安全漏洞

Koha is a library automation management system developed by the Koha organization. Versions of Koha prior to 25.11 contained security vulnerabilities, which originated from the Z39.50 configuration module. These vulnerabilities could allow remote attackers to execute arbitrary code...

📄 MCPJam Inspector 1.4.2 Command Injection

This is an advanced Python proof of concept for CVE-2026-23744 demonstrating command injection through a vulnerable MCP API endpoint, leading to remote code execution and reverse shell access. The script supports multiple payload types, endpoint discovery, listener management, and several...

AlmaLinux 8 : samba (ALSA-2026:22644)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:22644 advisory. samba: group policy certificate enrollment uses without validation CVE-2026-3012 samba: Samba: Remote Code Execution in printing subsystem via unescaped...

ALSA-2026:22963 Critical: samba security update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: Missing access check on reparse point operations...

RockyLinux 10 : python3.12 (RLSA-2026:19064)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19064 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375...

PT-2026-46103

Impact In versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An...

ROS-20260603-73-0003

The vulnerability in rubygem-activestorage relates to insufficient checking of the intentions by the recipient of the broadcast message. Exploiting this vulnerability allows a perpetrator to execute arbitrary code...

Hugging Face Transformers 安全漏洞

Hugging Face Transformers is an open-source framework developed by Hugging Face for defining state-of-the-art machine learning models. It covers text, visual, audio, and multimodal models, and can be used for both inference and training. Version 5.2.0 of Hugging Face Transformers contains a...

PT-2026-46094

Impact In versions 2.91.0, The EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromise the model download source via supply chain attack, DNS spoofing, or MITM, they could write arbitrary files to any...

PT-2026-46085

When using React Router v7 in Framework Mode, there exists a combination of steps that could potentially allow unauthorized RCE through external requests. This first requires the application code to have an existing prototype pollution vulnerability. This can be leveraged into a 2-step attack in...

PT-2026-46908

Name of the Vulnerable Software and Affected Versions Joomla JCE Editor versions 1.0.0 through 2.9.99.4 Description Improper access control in the JCE editor extension for Joomla allows unauthenticated users to create new editor profiles. This flaw enables the upload and execution of arbitrary PH...

PT-2026-45898

Name of the Vulnerable Software and Affected Versions SourceCodester Pizzafy E-Commerce System version 1.0 Description An SQL injection issue exists in the Administrative Control Panel component. The Login function within the /admin/admin class novo.php file is susceptible to remote attacks throu...

PT-2026-45928

An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors...

EUVD-2026-34098

A DLL hijacking vulnerability in Wassimulator GitHub CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL...

PT-2026-45952

Name of the Vulnerable Software and Affected Versions CactusViewer version 2.3.0 Description A DLL hijacking issue in CactusViewer allows attackers to escalate privileges and execute arbitrary code by using a crafted DLL. DLL hijacking is a technique where an application is tricked into loading a...

CVE-2026-36574

A DLL hijacking vulnerability in Wassimulator GitHub CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL...

PT-2026-46005

Name of the Vulnerable Software and Affected Versions Kimi AI version 1.0 Description A Cross Site Scripting issue exists in the 'Preview' feature of the web interface. The application does not properly sanitize or encode HTML or JavaScript payloads produced by the AI model. When a user accesses...