Alloksoft AVI DivX MPEG to DVD Converter Security Vulnerability
Alloksoft AVI DivX MPEG to DVD Converter is a multimedia conversion tool developed by Alloksoft Corporation, capable of converting video formats such as AVI, DivX, and MPEG, as well as creating DVDs. Version 2.6.1217 of Alloksoft AVI DivX MPEG to DVD Converter contains a security vulnerability...
Z-BlogPHP Security Vulnerability
Z-BlogPHP is an open-source PHP-based blog system developed by the Z-Blog community. Version Z-BlogPHP 1.7.4.3430 contains a security vulnerability. This vulnerability stems from an improper authorization in the CheckComment function of the commend Approval Handler component’s csystemevent.php...
Open5GS Security Vulnerability
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the ogstimeradd function in the nausf-handler.c file within the...
H2O Security Vulnerability
H2O is an open-source memory platform for distributed, scalable machine learning developed by H2O.ai. Versions of H2O such as h2o-3 7402 and earlier contain security vulnerabilities. These vulnerabilities stem from improper access control in the exec function of the AstSetProperty.java file withi...
Kilo Code Information Disclosure Vulnerability
Kilo Code is an open-source AI coding assistant developed by Kilo Code. Versions of Kilo Code 7.0.47 and earlier contained an information leakage vulnerability. This vulnerability stemmed from improper handling of the parameter KILOCONFIGCONTENT in the Load function of the Environment...
PT-2026-41549
Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a text file with a specially crafted buffer containing shellcode and SEH...
Hive Path Traversal Vulnerability
Hive is a multi-agent workflow execution engine developed by Aden. Versions of Hive prior to 0.11.0 contained a path traversal vulnerability. This vulnerability stemmed from the readeventstail function in the Delete Request Handler component, where the routessessions.py file exhibited path...
PT-2026-41586
Name of the Vulnerable Software and Affected Versions Kilo-Org kilocode versions prior to 7.0.48 Description A flaw in the Environment Variable Handler component allows remote information disclosure. The issue exists within the Load function located in the packages/opencode/src/config/config.ts...
PT-2026-41541
Name of the Vulnerable Software and Affected Versions h2oai h2o-3 versions prior to 7402 Description A flaw in the JAR Handler component allows remote attackers to trigger deserialization by manipulating the importBinaryModel function within the h2o-core/src/main/java/hex/Model.java file...
PT-2026-41566
Name of the Vulnerable Software and Affected Versions fishaudio Bert-VITS2 versions prior to 8f7fbd8c4770965225d258db548da27dc8dd934c Description A path traversal flaw exists in the Model Handler component, specifically within the get all models function of the hiyoriUI.py file. This issue allows...
PT-2026-41539
A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb system/function/c system event.php of the component Commend Approval Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been...
PT-2026-41538
A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover handler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation results in use after free. The attack can be launched remotely. The exploit has been released to the...
AstrBot Path Traversal Vulnerability
AstrBot is an open-source multi-platform LLM chatbot and development framework developed by AstrBot. Versions of AstrBot 4.23.5 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the improper handling of the postfile function in the File Upload Handler component...
Exploit for Classic Buffer Overflow in Cisco Adaptive_Security_Appliance_Software
CVE-2025-20333 Scanner A Python-based diagnostic scanner for...
CVE-2026-45037
Tabby (formerly Terminus) is affected prior to version 1.0.232. The terminal linkifier passes any detected URI directly to the OS protocol handler without validating the protocol scheme, allowing a malicious SSH or Telnet server to deliver crafted terminal output containing dangerous protocol URI...
CLSA-2026-1778820779 tar: Fix of CVE-2023-39804
CVE-2023-39804: fix crash on PAX archive with malformed extended header attributes in locatehandler and xattrdecoder...
CLSA-2026-1778828497 tar: Fix of CVE-2023-39804
CVE-2023-39804: fix crash on PAX archive with malformed extended header attributes in locatehandler and xattrdecoder...
CVE-2025-54517
CVE-2025-54517: Out of bounds write in the AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution. Affected component: AMD graphics driver/kernel ioctl path (AMDGV_CMD_GET_DIAG_DATA). Root cause: out-of-bounds write in the ioctl handler...
CVE-2025-54517
Out of bounds write in AMD AMDGVCMDGETDIAGDATA ioctl handler could allow a local user to escalate privileges via remote code execution...
PT-2026-41320
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or...