PT-2026-40463

ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php by an unrelated PR before any 7.2.x tag was cut. Every shipped 7.2.x release...

CVE-2026-7714 crocodilestick Calibre-Web-Automated Admin Endpoint cwa_functions.py missing authentication

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

Astra Linux - уязвимость в firefox

In some cases, JIT-compiled code might have dereferenced a wild pointer value. This could lead to a exploitable crash. This vulnerability affects Firefox versions earlier than 122...

Astra Linux - уязвимость в unbound

Before version 1.9.5, Unbound allowed assertion failures due to a compressed name in dnamepktcopy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, an ongoing Unbound installation cannot be exploited remotely or locally...

Astra Linux - уязвимость в thunderbird

Unexpected data returned from the Safe Browsing API could lead to memory corruption and potentially exploitable crashes. This vulnerability affects Thunderbird 102.10 and Firefox ESR 102.10...

Astra Linux - уязвимость в firefox, thunderbird

An error in the ECMA-262 specification related to Async Generators could lead to a type confusion, potentially causing memory corruption and an exploitable crash. This vulnerability affects Firefox 128, Firefox ESR 115.13, Thunderbird 115.13, and Thunderbird 128...

Astra Linux - уязвимость в firefox

When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to a exploitable crash. This vulnerability affects Firefox versions earlier than 131.0.3...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

A vulnerability, classified as problematic, has been identified in the Linux kernel. This issue affects the function nilfsattachlogwriter in the file fs/nilfs2/segment.c of the BPF component. The manipulation leading to this issue results in a memory leak. The attack can be initiated remotely. It...

Astra Linux - уязвимость в firefox, thunderbird

It was possible to cause the use of a MessagePort after it had already been freed, which could potentially lead to an exploitable crash. This vulnerability affects Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5...

Astra Linux - уязвимость в firefox, thunderbird

Uninitialized memory in a canvas object could have led to an incorrect free operation, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and Firefox 91...

Astra Linux - уязвимость в firefox, thunderbird

Session history navigations may have led to a use-after-free condition, potentially causing exploitable crashes. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

CVE-2026-7675

A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function startlan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been...

Imagination Graphics DDK 资源管理错误漏洞

Imagination Graphics DDK is a suite of GPU driver tools from Imagination UK. The Imagination Graphics DDK suffers from a Resource Management Error vulnerability that originates when WebGPU content is loaded into the GPU GLES rendering process triggering a write-release-after-reuse crash, which...

CVE-2026-7228

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function getcartcount of the file /admin/ajax.php?action=getcartcount. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has be...

CVE-2026-7029

A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can lead to buffer overflow. The attack may be performed from remote. The exploit has been made...

PT-2026-35272

Name of the Vulnerable Software and Affected Versions BidingCC BuildingAI versions prior to 26.0.2 Description The Remote Upload API contains a server-side request forgery SSRF issue. This occurs when the uploadRemoteFile function in the...

OESA-2026-2025 openjpeg2 security update

OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, a still-image compression standard from the Joint Photographic Experts Group JPEG. Since April 2015, it is officially recognized by ISO/IEC and ITU-T as a JPEG 2000...

EUVD-2026-23813

A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly...

CVE-2025-8095

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...

What Is Threat Exposure Management? A Complete Guide

Most security teams can tell you how many vulnerabilities they found last quarter. Very few can tell you which of those vulnerabilities an attacker could actually exploit to breach a critical system. That gap between "found" and "actually dangerous" is the problem threat exposure management was...