Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from not considering ParseQuery’s limitation on the total number of query parameters. Thi...

PT-2026-38568

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The Dial and LookupPort functions panic on Windows when they receive an input containing a NUL 0 character. A panic is a runtime error that causes the program to...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetSession function. An attacker can access sensitive SSH session data belonging to other tenants by providing a valid session UID and authenticating with any user account...

Timing Attack

Overview pyquorum is a Cryptographic library for secret sharing and key management, powered by Rust Affected versions of this package are vulnerable to Timing Attack via mulmod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the...

CVE-2026-43207

A flaw was found in the Linux kernel's mtk-mdp media driver. Improper error handling in the probe function could lead to a resource leak. Additionally, a missing check for the return value of vpugetplatdevice could result in a null pointer dereference, potentially causing a system crash and leadi...

kernel: scsi: qla2xxx: Fix improper freeing of purex item

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxxprocesspurlsiocb, an item is allocated via qla27xxcopymultiplepkt, which internally calls qla24xxallocpurexitem. The qla24xxallocpurexitem function may return a...

CVE-2026-40329

Masa CMS is an open source content management system. In versions 7.5.2 and earlier, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's processing of the sortBy parameter. The application fails to properly sanitize or parameterize this input before...

CVE-2026-44116

OpenClaw before 2026.4.22 contains a server-side request forgery vulnerability in the Zalo plugin's sendPhoto function that fails to validate outbound photo URLs through the SSRF guard. Attackers can bypass SSRF protection by providing malicious photo URLs to the Zalo Bot API, enabling unauthoriz...

Improper Encoding or Escaping of Output

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the Utils::parseUrl function during comment rendering. An attacker can execute arbitrary JavaScript in the...

CSV Injection

Overview Affected versions of this package are vulnerable to CSV Injection via the export function. An attacker can execute arbitrary spreadsheet formulas in the context of an administrator's local machine by injecting formula payloads into profile fields, which are then exported and opened in...

EUVD-2026-28154

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...

CVE-2026-40174

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...

CVE-2026-8033

A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...

Kimai's Twig function config() leaks server-wide secrets (LDAP bind password, SAML SP private key) via invoice/export templates

Summary Kimai's Twig sandbox StrictPolicy, used for admin-uploaded invoice and export templates allow-lists the config Twig function with no key filtering. configname delegates to App\Configuration\SystemConfiguration::find$name, which returns arbitrary entries from the flattened kimai.config...

CVE-2025-71291

A flaw was found in the Linux kernel's bcmvk module. A null-pointer dereference can occur within the bcmvkread function if a specific condition is met where a pointer entry is NULL and an error code -EMSGSIZE is returned. This vulnerability could allow a local attacker to cause system instability...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the UI server WebSocket. An attacker can gain unauthorized access to sensitive endpoints, such as streaming real-time pod logs, opening an interactive shell inside a running pod, or...

Missing Authentication for Critical Function

Overview github.com/0xJacky/Nginx-UI is a yet another Nginx Web UI, developed by 0xJacky and Hintay. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the POST /api/install endpoint during the initial setup 10 minutes window, which is accessible...

CVE-2026-23870

CVE-2026-23870 is a denial-of-service vulnerability in react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. It affects versions 19.0.0–19.0.5, 19.1.0–19.1.6, and 19.2.0–19.2.5. Triggered by specially crafted HTTP requests to server function endpoints, it can cause se...

CLSA-2026-1778082886 libssh: Fix of CVE-2026-0966

CVE-2026-0966: avoid 1-byte heap buffer underflow in sshgethexa on NULL/zero-length input...

EUVD-2026-27832

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is...