72591 matches found
GHSA-XQXW-R767-67M7 mem0ai mem0 has an Improper Input Validation Issue
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vectorstores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack remotely. The exploit has been made public and could be used...
WordPress plugin Premium Addons for Elementor cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
PT-2026-36576
The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping of Calculation Product field product names when rendered inside Repeater fields. The validat...
WordPress plugin Gravity Forms cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
OPENSUSE-SU-2026:20660-1 Security update for chromium
This update for chromium fixes the following issues: Changes in chromium: - Chromium 147.0.7727.137 (boo#1263158): CVE-2026-7363: Use after free in Canvas; CVE-2026-7361: Use after free in iOS; CVE-2026-7344: Use after free in Accessibility; CVE-2026-7343: Use after free in Views; CVE-2026-7333: Use afte...
CVE-2026-31744
A flaw was found in the Linux kernel. When processing energy model performance domains, the dev_energymodel_nl_get_perf_domains_doit function fails to validate the return value from em_perf_domain_get_by_id. If a non-existent performance domain ID is provided, this leads to a null pointer dereference, which...
CVE-2026-5174
Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0...
CVE-2026-42479
An out-of-bounds read vulnerability in VrmlData_IndexedLineSet::TShape in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because coordIndex values from parsed input are used as direct array indices...
CVE-2026-31744
Summary: CVE-2026-31744 concerns the Linux kernel energy model code path that processes perf domain IDs. The function dev_energymodel_nl_get_perf_domains_doit() calls em_perf_domain_get_by_id() and uses its return value without verifying it; if a caller supplies a non-existent perf domain ID, em_...
CVE-2026-31729
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: validate connector number in ucsi_notify_common. The connector number extracted from CCI via UCSI_CCI_CONNECTOR is a 7-bit field (0-127) that is used to index into the connector array in ucsi_connector_change. However, t...
EUVD-2026-26490
The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.0.0. This is due to improper input validation in the maybe_login_temporary_user function, which fails to verify that the 'temp-login-token' GET parameter is a scalar string before...
CVE-2026-7567
The CVE concerns the WordPress plug-in Temporary Login (vulnerable up to 1.0.0). The flaw is in the function maybe_login_temporary_user(), which does not verify that the temp-login-token GET parameter is a scalar string before processing it. If the parameter is supplied as an array, PHP’s empty(...
EUVD-2026-26669
SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy($sort, $sortType) without validation. An authenticated admin can sort users by any database column including password,...
PT-2026-36353
Name of the Vulnerable Software and Affected Versions: hashcat version 7.1.2. Description: A heap-based buffer overflow exists in the hex to binary function within the PKZIP hash parser. This occurs when data type enum is less than or equal to 1, allowing attacker-controlled hex data from a...
mem0 input validation error vulnerability
mem0 is an efficient memory algorithm benchmarking tool open-sourced by Mem0. An input validation error vulnerability exists in mem0 1.0.11 and earlier versions, which stems from improper manipulation of the pickle.load/pickle.dump functions in the mem0/vectorstores/faiss.py file, which could lea...
Open SAE J1939 input validation error vulnerability
Open SAE J1939 is a CAN bus communication protocol library for industrial vehicles by Daniel Mårtensson, a private developer. Open SAE J1939 suffers from an input validation error vulnerability that stems from an integer underflow in the transport protocol data transfer processing resulting in an...
WordPress plugin Temporary Login security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-36312
Name of the Vulnerable Software and Affected Versions: Temporary Login plugin for WordPress versions prior to 1.0.1. Description: An authentication bypass exists due to improper input validation in the maybe_login_temporary_user function. The function fails to verify that the temp-login-token GET...
open-amp input validation error vulnerability
open-amp is an OpenAMP open source framework that supports communication and lifecycle management between heterogeneous multi-core processors. An input validation error vulnerability exists in open-amp version v2025.10.0, which stems from an integer overflow in the ELF loader during firmware imag...
Improper Input Validation
Overview: Affected versions of this package are vulnerable to Improper Input Validation via unvalidated parameters in the process. An attacker can invoke unauthorized methods by supplying crafted input. Remediation: Upgrade prestashop/pscheckout to version 5.3.0 or higher. References: - GitHub...