
590161 matches found

CNNVD
added 2026/05/28 12:0 a.m. | 9 views

XCharge C6 security vulnerability

XCharge C6 is a series of intelligent electric vehicle DC charging stations developed by the German company XCharge. The XCharge C6 has a security vulnerability, which stems from a stack-based buffer overflow in the signal processing logic. Attackers can exploit this vulnerability by physically...

CVSS 8.6 | AI score 6.2 | EPSS 0.0023
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/28 12:0 a.m. | 11 views

PT-2026-44209

Name of the Vulnerable Software and Affected Versions: GutenBee – Gutenberg Blocks versions prior to 2.20.2. Description: The plugin is subject to arbitrary file upload due to a flawed substring check in the gutenbee file and ext json function. The strpos function only verifies if the filename...

CVSS 8.8 | AI score 6.2 | EPSS 0.00659
Exploits: 0 | References: 11
CNNVD
added 2026/05/28 12:0 a.m. | 12 views

Follet School Solutions Destiny security vulnerability

Follet School Solutions Destiny is a school solution provided by Follet Corporation. Versions of Follet School Solutions Destiny prior to 22.0.1 AU1 contained security vulnerabilities. These vulnerabilities stemmed from a cross-site scripting vulnerability in the showSupportExpiredMessage paramet...

CVSS 5.1 | AI score 5.9 | EPSS 0.00319
Exploits: 0 | References: 1
CNNVD
added 2026/05/28 12:0 a.m. | 9 views

Zed security vulnerability

Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.227.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of shell references or validations for environment variable keys during SSH/WSL remote command execution. This allowed attackers to...

CVSS 8.6 | AI score 6.2 | EPSS 0.00257
Exploits: 1 | References: 1
CNNVD
added 2026/05/28 12:0 a.m. | 9 views

Electerm security vulnerability

Electerm is an SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm 3.8.8 and earlier have security vulnerabilities. These vulnerabilities stem from the possibility of executing local PTY code when bookmarking or synchronizing targets involves injecting the ex...

CVSS 9.4 | AI score 5.9 | EPSS 0.00234
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/28 12:0 a.m. | 6 views

CVE-2026-37266

An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the forcedownload.php component...

AI score 6.2 | EPSS 0.00334
Exploits: 0 | References: 3
CNNVD
added 2026/05/28 12:0 a.m. | 6 views

Electerm security vulnerability

Electerm is an SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions 3.0.6 to 3.8.8 of Electerm have security vulnerabilities, which stem from executing local code through Electerm’s single-instance socket...

CVSS 9.3 | AI score 5.9 | EPSS 0.00114
Exploits: 0 | References: 2
CNNVD
added 2026/05/28 12:0 a.m. | 10 views

Veeam Service Provider Console security vulnerability

Veeam Service Provider Console is a cloud-enabled platform developed by the American company Veeam. There is a security vulnerability in Veeam Service Provider Console, which may lead to remote code execution...

CVSS 9.4 | AI score 6.1 | EPSS 0.00403
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/28 12:0 a.m. | 12 views

CVE-2026-30761

An arbitrary file upload vulnerability in the pages/admin.uploadmapimg.php component of SourceBans Material Admin v1.1.6 allows attackers to execute arbitrary code via uploading a crafted image file...

AI score 6.2 | EPSS 0.00358
Exploits: 0 | References: 4
Positive Technologies
added 2026/05/28 12:0 a.m. | 14 views

PT-2026-44371

An issue in SMSGate sms-core=2.1.13.6 allows a remote attacker to execute arbitrary code via the Cmpp7FDeliverRequestMessageCodec.java component...

AI score 6.2 | EPSS 0.0029
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/28 12:0 a.m. | 11 views

PT-2026-44370

An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the force download.php component...

AI score 6.2 | EPSS 0.00334
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/28 12:0 a.m. | 15 views

PT-2026-44724

Name of the Vulnerable Software and Affected Versions: python311-dulwich versions prior to 1.2.5-1.1. Description: Security issues were identified in the python311-dulwich package. Recommendations: Update to version 1.2.5-1.1...

CVSS 8.8 | AI score 5.4 | EPSS 0.00635
Exploits: 0 | References: 21
Positive Technologies
added 2026/05/28 12:0 a.m. | 11 views

PT-2026-44561

Name of the Vulnerable Software and Affected Versions: Google Chrome on Mac versions prior to 148.0.7778.216. Description: A use after free issue exists in WebAppInstalls. This occurs when a remote attacker convinces a user to perform specific UI gestures, allowing the execution of arbitrary code...

CVSS 9.6 | AI score 6.2 | EPSS 0.00368
Exploits: 0 | References: 156
Positive Technologies
added 2026/05/28 12:0 a.m. | 16 views

PT-2026-44499

A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory corruption may occur,...

CVSS 8.6 | AI score 6.3 | EPSS 0.0023
Exploits: 0 | References: 2
Cvelist
added 2026/05/28 12:0 a.m. | 28 views

CVE-2026-37266

An issue in Responsive File Manager Responsive FileManager Version 9.14.0 allows a remote attacker to execute arbitrary code via the forcedownload.php component...

EPSS 0.00334
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/28 12:0 a.m. | 9 views

PT-2026-44672

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216. Description: A use after free issue exists in the Bluetooth component of Google Chrome on Mac. This occurs when an attacker convinces a user to install a malicious extension, allowing the execution...

CVSS 9.6 | AI score 6.1 | EPSS 0.00368
Exploits: 0 | References: 156
CNNVD
added 2026/05/28 12:0 a.m. | 9 views

WordPress plugin Crawlomatic Multipage Scraper Post Generator code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 8.8 | AI score 6 | EPSS 0.00446
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/28 12:0 a.m. | 14 views

PT-2026-44389

Name of the Vulnerable Software and Affected Versions: TinyMCE versions 6.8.0 through 7.0.x. Description: An XSS Cross-Site Scripting issue exists due to improper SVG namespace scope handling within the sanitizer. An attacker can use a crafted payload with nested elements to bypass attribute...

CVSS 8.7 | AI score 6 | EPSS 0.00191
Exploits: 0 | References: 5
Positive Technologies
added 2026/05/28 12:0 a.m. | 10 views

PT-2026-44552

Name of the Vulnerable Software and Affected Versions: AnythingLLM versions prior to 1.13.0. Description: The filesystem-search-files agent skill passes an LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separator. Because ripgrep parses any argument...

CVSS 8.8 | AI score 6.1 | EPSS 0.00366
Exploits: 1 | References: 4
OSV
added 2026/05/28 12:0 a.m. | 8 views

ALSA-2026:21756 Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...

CVSS 10 | AI score 7.7 | EPSS 0.01636
Exploits: 0 | References: 6