Linux Distros Unpatched Vulnerability : CVE-2026-9973

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.12 contained security vulnerabilities. These vulnerabilities stemmed from a permission escalation flaw in Slack plugin approval processes, allowing authorized users with exec...

Interinfo DreamMaker 代码问题漏洞

Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Interinfo DreamMaker has a code vulnerability that stems from arbitrary file uploads. This vulnerability could allow unauthenticated remote attackers to upload and execute a Web shell backdoor, thereby enabling...

PT-2026-44980

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.15.0-beta1 Description The JavaScript sandbox worker fails to properly block dynamic import calls due to an insufficient regular expression. The regex /bimports/.testcode only accounts for ASCII whitespace and does...

TRENDnet TEW-432BRP 安全漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by TRENDnet Corporation. Version 3.10B20 of TRENDnet TEW-432BRP contains a security vulnerability. This vulnerability stems from a stack buffer overflow in the parameter peerPin within the goform/formWPS file, which could allow remote...

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The Waterfall WF-500 TX and RX Hosts 7.9.1.0 R2502171040 version contains an operating system command injection vulnerability. This...

PT-2026-44858

Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remote code execution. The vulnerability exists due to insufficient validation of uploaded file types...

PT-2026-44831

Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...

PT-2026-44939

Name of the Vulnerable Software and Affected Versions Trilium Notes versions prior to 0.102.2 Description A malicious ZIP archive imported with safe import enabled can lead to remote code execution RCE and cross-site scripting XSS. This occurs by combining a payload note type: code, mime:...

PT-2026-44962

Name of the Vulnerable Software and Affected Versions JetBrains IntelliJ IDEA versions prior to 2026.1 Description Code execution is possible through template injection within the Copyright plugin. Template injection occurs when untrusted input is embedded into a template and executed by the...

PT-2026-44816

Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Host...

Interinfo DreamMaker 代码问题漏洞

Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Interinfo DreamMaker has a code vulnerability that stems from arbitrary file uploads. This vulnerability could allow a privileged remote attacker to upload and execute a Web shell backdoor, thereby enabling...

Dokploy 安全漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.26.6 and earlier contain security vulnerabilities. These vulnerabilities stem from command injection in the /docker-container-logs WebSocket endpoint. The tail and since parameters are concatenated directly into...

Dokploy 安全漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.5 contain security vulnerabilities. These vulnerabilities stem from path traversal during the application deployment process, which allows authenticated users to write arbitrary files on the file...

CVE-2026-39276

The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing directory traversal sequences in filenames, an attacker can overwrite default template files or...

PT-2026-45539

Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint affected versions not specified Description Deserialization of untrusted data allows an authorized attacker to execute arbitrary code over a network, which can affect the system. Deserialization is the process of...

Linux Distros Unpatched Vulnerability : CVE-2026-10013

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML pag...

SUSE SLES15 / openSUSE 15 Security Update : samba (SUSE-SU-2026:2074-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2074-1 advisory. This update for samba fixes the following issues - CVE-2026-2340: vfsworm does not block directory modification...

RHEL 10 : flatpak (RHSA-2026:21757)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21757 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...

Linux Distros Unpatched Vulnerability : CVE-2026-9883

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Base in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security...