72581 matches found

Positive Technologies
added 2026/05/14 12:0 a.m. | 7 views

PT-2026-40881

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.3 through 18.9.6; GitLab CE/EE versions 18.10 through 18.10.5; GitLab CE/EE versions 18.11 through 18.11.2. Description: An issue exists where an authenticated user can cause a denial of service through excessive memory...

CVSS 6.5 | AI score 5.8 | EPSS 0.00295
Exploits 0 | References 6

CNNVD
added 2026/05/14 12:0 a.m. | 9 views

Microsoft Exchange Server cross-site scripting vulnerability

Microsoft Exchange Server is a set of email service programs provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. Microsoft Exchange Server has a cross-site scripting vulnerability, which stems from...

CVSS 8.1 | AI score 5.9 | EPSS 0.0564
Exploits 1 | References 2

CNNVD
added 2026/05/14 12:0 a.m. | 8 views

OpenImageIO input validation error vulnerability

OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and supports a wide range of image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained an input validation vulnerability. This vulnerability stemmed from the...

CVSS 7.8 | AI score 6.1 | EPSS 0.00173
Exploits 1 | References 1

CNNVD
added 2026/05/14 12:0 a.m. | 11 views

simdjson input validation error vulnerability

Simdjson is an open-source, high-performance JSON parsing library developed by Simdjson. Versions of Simdjson prior to 4.6.4 contained a vulnerability related to input validation errors. This vulnerability stemmed from the stringbuilder::escapeandAppend function, which had an integer overflow whe...

CVSS 6.9 | AI score 6 | EPSS 0.00279
Exploits 0 | References 2

CNNVD
added 2026/05/14 12:0 a.m. | 8 views

rust-openssl input validation error vulnerability

rust-openssl is an open-source library in Rust that allows for interaction with the OpenSSL library. In versions 0.9.7 to 0.10.79 of rust-openssl, there was a vulnerability related to input validation errors. This vulnerability stemmed from X509Ref::ocspresponders returning the OCSP responder URL...

CVSS 8.7 | AI score 5.9 | EPSS 0.00211
Exploits 0 | References 1

CNNVD
added 2026/05/14 12:0 a.m. | 5 views

WordPress plugin MapGeo – Interactive Geo Maps security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.1 | AI score 5.7 | EPSS 0.00204
Exploits 0 | References 1

CNNVD
added 2026/05/14 12:0 a.m. | 7 views

OpenImageIO input validation error vulnerability

OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and supports a wide range of image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained an input validation vulnerability. This vulnerability stemmed from a...

CVSS 8.8 | AI score 5.9 | EPSS 0.00371
Exploits 1 | References 1

CNNVD
added 2026/05/14 12:0 a.m. | 10 views

libyang input validation error vulnerability

LibYang is an open-source YANG data modeling language parser and toolkit developed in C language by CESNET. Versions of LibYang prior to 5.2.15 contained a vulnerability related to input validation errors. This vulnerability stemmed from an integer overflow in the lybreadstring function, which...

CVSS 7.5 | AI score 6.2 | EPSS 0.00273
Exploits 0 | References 2

CNNVD
added 2026/05/14 12:0 a.m. | 7 views

GitLab security vulnerability

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD (Continuous Integration and Delivery). Vulnerabilities exist in versions of GitLab CE/EE from 9.0 to 18.9.7, a...

CVSS 7.5 | AI score 5.9 | EPSS 0.00355
Exploits 0 | References 1

CNNVD
added 2026/05/14 12:0 a.m. | 10 views

OpenImageIO input validation error vulnerability

OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and supports a wide range of image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained a vulnerability related to input validation errors. This vulnerabilit...

CVSS 8.3 | AI score 6.3 | EPSS 0.0037
Exploits 1 | References 1

CNNVD
added 2026/05/14 12:0 a.m. | 10 views

ntopng input validation error vulnerability

ntopng is a web-based network traffic monitoring application developed by ntop. ntopng has a vulnerability related to input validation, which stems from URL redirection to untrusted sites...

CVSS 4.3 | AI score 5.8 | EPSS 0.00166
Exploits 0 | References 1

Positive Technologies
added 2026/05/14 12:0 a.m. | 14 views

PT-2026-40855

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 18.5 through 18.9.6; GitLab CE/EE versions 18.10 through 18.10.5; GitLab CE/EE versions 18.11 through 18.11.2. Description: An issue exists where an unauthenticated user can cause a denial of service by sending specially...

CVSS 7.5 | AI score 5.8 | EPSS 0.00339
Exploits 0 | References 7

CNNVD
added 2026/05/14 12:0 a.m. | 7 views

Docling Graph input validation error vulnerability

Docling Graph is a structured data processing tool developed by the Docling Project, which converts document content into knowledge graphs. Versions of Docling Graph prior to 1.5.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation...

CVSS 5.7 | AI score 5.8 | EPSS 0.00188
Exploits 0 | References 1

Tenable Nessus
added 2026/05/14 12:0 a.m. | 86 views

Security Update for Microsoft .NET Core (May 2026)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory. - A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who...

CVSS 7.5 | AI score 6.4 | EPSS 0.01177
Exploits 0 | References 21

CNNVD
added 2026/05/14 12:0 a.m. | 8 views

MCP Registry input validation error vulnerability

MCP Registry is an open-source MCP server store developed by Model Context Protocol. Versions 1.1.0 to 1.7.4 of MCP Registry contain a vulnerability related to input validation. This vulnerability stems from an open redirection attack conducted by TrailingSlashMiddleware. Attackers can construct...

AI score 5.8 | EPSS 0.00409
Exploits 0 | References 1

CNNVD
added 2026/05/14 12:0 a.m. | 9 views

PostgreSQL input validation error vulnerability

PostgreSQL is a set of free object-relational database management systems developed by the PostgreSQL organization. This system supports most SQL standards and offers many other features, such as foreign keys, triggers, views, etc. Versions of PostgreSQL prior to 18.4, 17.10, 16.14, 15.18, and...

CVSS 8.8 | AI score 6.1 | EPSS 0.004
Exploits 0 | References 2

CNNVD
added 2026/05/14 12:0 a.m. | 8 views

Fleet input validation error vulnerability

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Prior to Fleet 4.81.0, there was a vulnerability relate...

CVSS 8.7 | AI score 5.8 | EPSS 0.00372
Exploits 0 | References 1

Positive Technologies
added 2026/05/14 12:0 a.m. | 10 views

PT-2026-41057

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.168. Description: Insufficient validation of untrusted input in SiteIsolation allows a remote attacker who has compromised the renderer process to bypass Site Isolation using a crafted HTML page. Site...

CVSS 8.8 | AI score 5.9 | EPSS 0.00498
Exploits 0 | References 83

RedhatCVE
added 2026/05/13 8:21 p.m. | 6 views

CVE-2026-28907

A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper input validation. Mitigation: Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Linux 7, the following packages require WebKitGTK...

CVSS 8.1 | AI score 5.8 | EPSS 0.00304
Exploits 0 | References 4

EUVD
added 2026/05/13 6:30 p.m. | 8 views

EUVD-2026-29905

Improper input validation in FacAtFunction in Galaxy Watch prior to SMR May-2026 Release 1 allows local attacker to execute arbitrary code with system privilege...

CVSS 8.6 | AI score 6.2 | EPSS 0.00156
Exploits 0 | References 2