EUVD-2026-19484

OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...

kernel security update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

RLSA-2026:6037 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem CVE-2025-38180 kernel: macvlan: fix error recovery in macvlancommonnewlink CVE-2026-23209 kernel: net/sched: clsu32: use...

Django 安全漏洞

Django is a set of open-source web frameworks based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions of Django prior to 6.0.4, 5.2.13, and 4.2.30 contained security vulnerabilities. These...

PT-2026-30867

Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.3, 5.2 through 5.2.12, and 4.2 through 4.2.29 Description The ASGIRequest component allows a remote attacker to spoof headers due to an ambiguous mapping of header variants with hyphens or with underscores to a...

Django 安全漏洞

Django is an open-source web framework based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, a view system, and a template system. Versions of Django prior to 6.0.4, 5.2.13, and 4.2.30 contained security vulnerabilities. These...

PT-2026-30845

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. An out-of-bounds write occurs due to a mismatch between the TP-UDHI...

PT-2026-30936

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request header to the server. A successful exploit of this vulnerability might lead to denial of service...

ChurchCRM 安全漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 6.5.3 contained security vulnerabilities. These vulnerabilities stemmed from the use of a specially crafted URL in the Referer request header, which could trigger server-side HTTP/HTTPS requests to...

PT-2026-30939

ChurchCRM is an open-source church management system. Prior to 6.5.3, it is possible to trigger server-side HTTP/HTTPS requests to arbitrary hosts SSRF by supplying a crafted URL in the Referer request header. The server subsequently makes an outbound request to the attacker-controlled domain,...

CVE-2025-62818

CVE-2025-62818 affects Samsung devices with the listed Exynos/mobile processors and modems. The issue is an out-of-bounds write caused by a mismatch between TP-UDHI and UDL values when processing an SMS TP-UD packet. The Connected documents provide the affected product families and the root cause...

CVE-2025-62818

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. An out-of-bounds write occurs due to a mismatch between the TP-UDHI...

OpenTelemetry-Go 安全漏洞

OpenTelemetry-Go is an open-source developer toolkit developed by OpenTelemetry - CNCF. Versions of OpenTelemetry-Go from 1.36.0 to 1.40.0 contain security vulnerabilities. These vulnerabilities stem from the independent parsing of each header field value within a multi-value baggage header and t...

Linux Distros Unpatched Vulnerability : CVE-2026-23451

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bondheaderparse bondheaderparse can loop if a...

NVIDIA Triton Inference Server 安全漏洞

NVIDIA Triton Inference Server is an open-source software developed by NVIDIA Corporation. It helps standardize model deployment and provide fast, scalable AI in production environments. NVIDIA Triton Inference Server has a security vulnerability. This vulnerability arises from the possibility of...

FortiClient EMS 7.4.6 Vulnerability Assessment Tool

CVE-2026-35616 is a pre-authentication API bypass in FortiClient EMS 7.4.5 and 7.4.6 that allows remote, unauthenticated attackers to bypass certificate-based authentication through HTTP header spoofing. The Django application trusts user-controllable HTTP headers X-SSL-CLIENT-VERIFY,...

CVE-2025-62818

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. An out-of-bounds write occurs due to a mismatch between the TP-UDHI...

PT-2026-31016

Name of the Vulnerable Software and Affected Versions OpenTelemetry-Go versions 1.36.0 through 1.40.0 Description The OpenTelemetry-Go implementation is susceptible to a remote request amplification issue due to the way it handles multi-value baggage headers. Specifically, the extractMultiBaggage...

SUSE CVE-2026-5673

A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI Audio Video Interleave parser, specifically in the aviparseinputfile function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a...

CVE-2026-35474

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...