CVE-2026-32628

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

CVE-2026-32614

Go ShangMi Commercial Cryptography Library GMSM is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause...

CVE-2026-32775

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow...

CVE-2025-15540

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...

CVE-2026-2326

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin tagDiv Opt-In Builder versions = 1.7.3...

CVE-2017-20221

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when...

Weseek Growi 安全漏洞

Weseek Growi is an open-source wiki system developed by the Japanese company Weseek, which can be written in Markdown format. Versions of Weseek Growi prior to v7.4.5 contained security vulnerabilities. These vulnerabilities stemmed from the OpenAI thread/message API endpoints not performing...

AnythingLLM SQL注入漏洞

AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM SQL injection vulnerability , the vulnerability stems from the built-in SQL proxy plug-in getTableSchemaSql method of the tablename parameter lack of validation of external input SQL statements , an attacker can use...

Malicious code in require-in-package (npm)

The package 'require-in-package' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Tp-Link AX53 v1.0 SSH Hostkey misconfiguration vulnerability

Talos Vulnerability Report TALOS-2025-2291 Tp-Link AX53 v1.0 SSH Hostkey misconfiguration vulnerability March 16, 2026 CVE Number CVE-2025-62501 SUMMARY A misconfiguration vulnerability exists in the SSH Hostkey functionality of Tp-Link AX53 v1.0 1.3.1 Build 20241120 rel.549015553. A specially...

EulerOS 2.0 SP11 : curl (EulerOS-SA-2026-1602)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms.Thi...

PT-2026-25743

microsoftupdate securityupdate Edge Microsoft Edge Stable Channel Version 146.0.3856.59 ・CVE-2025-0385 ・CVE-2026-3910 「The Chromium team reported that CVE-2026-3910 has an exploit in the wild, and this update contains a fix for it.」...

TencentOS Server 4: qemu (TSSA-2026:0167)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0167 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

PT-2026-26462

Name of the Vulnerable Software and Affected Versions Kargo versions 1.4.0 through 1.6.3 Kargo versions 1.7.0-rc.1 through 1.7.8 Kargo versions 1.8.0-rc.1 through 1.8.11 Kargo versions 1.9.0-rc.1 through 1.9.4 Description Kargo's built-in http and http-download promotion steps allow Server-Side...

EulerOS 2.0 SP11 : openssh (EulerOS-SA-2026-1586)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to...

EulerOS 2.0 SP11 : curl (EulerOS-SA-2026-1574)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms.Thi...

Advisory ROSA-SA-2026-3209

software: hostapd 2.11 WASP: ROSA-CHROME unaffected versions = hostapd-2.11-2 affected versions hostapd-2.11-2 CVE-ID: CVE-2025-24912 BDU-ID: None CVE-Crit: LOW CVE-DESC.: RADIUS packet handling vulnerability in hostapd: hostapd incorrectly handles specially crafted RADIUS packets. When...

Advisory ROSA-SA-2026-3206

software: nginx 1.28.2 OS: ROSA-CHROME unaffected versions = nginx-1.28.2-1 affected versions nginx-1.28.2-1 CVE-ID: CVE-2026-1642 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in NGINX OSS and NGINX Plus when proxying to upstream TLS servers allows an attacker in a man-in-the-middle...

Advisory ROSA-SA-2026-3205

software: angie 1.11.3 OS: ROSA-CHROME unaffected versions = angie-1.11.3-1 affected versions angie-1.11.3-1 CVE-ID: CVE-2026-1642 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in NGINX OSS and NGINX Plus when proxying to upstream TLS servers allows an attacker in a man-in-the-middle...