Lucene search

152 matches found

Positive Technologies
added 4 days ago, 9 views

PT-2026-46956

HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...

CVSS 5.3 | AI score 5.5 | EPSS 0.00028
Exploits: 0 | References: 2
EUVD
added 2026/05/19 12:4 a.m., 7 views

EUVD-2026-30815

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...

CVSS 5.3 | AI score 5.8 | EPSS 0.00092
Exploits: 0 | References: 1
GithubExploit
added 2026/05/02 9:15 p.m., 117 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 ("Copy Fail"): Linux Kernel algif_aead Local...

CVSS 7.8 | AI score 6.4 | EPSS 0.02194
Exploits: 226
OSV
added 2026/04/27 6:33 p.m., 5 views

JLSEC-2026-257 Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client...

Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Servic...

CVSS 5.9 | AI score 5.3 | EPSS 0.00046
Exploits: 1 | References: 7
Vulnrichment
added 2026/04/07 2:10 p.m., 0 views

CVE-2026-5372 runZero Platform SQL injection in saved queries

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), and has an estimated CVSS score of...

CVSS 6.4 | AI score 5.9 | EPSS 0.00038
Exploits: 0 | References: 2
Cvelist
added 2026/01/15 1:10 p.m., 20 views

CVE-2026-0712

...

EPSS 0.00046
Exploits: 0
CVE
added 2026/01/15 1:10 p.m., 12 views

CVE-2026-0712

CVE-2026-0712 entry is rejected/not used by its CNA.

AI score 6 | EPSS 0.00046
Exploits: 0
OSSF Malicious Packages
added 2025/11/11 5:18 a.m., 2 views

Malicious code in increasing_thrush_z3n (npm)

Source: amazon-inspector (a67f69597a2b0dadbdc30ef95c813b6c2b07afb6de991ca6547d8310acc997d7). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-46687

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 9 | EPSS 0.00173
Exploits: 0 | References: 4
UbuntuCve
added 2025/09/30 12:0 a.m., 1 views

CVE-2025-9232

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...

CVSS 5.9 | AI score 6.7 | EPSS 0.00069
Exploits: 0 | References: 3
RedHat Linux
added 2025/09/25 9:18 a.m., 1 views

podman: Podman kube play command may overwrite host files

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

CVSS 8.1 | AI score 5.8 | EPSS 0.00086
Exploits: 0 | References: 6
RedHat Linux
added 2025/09/23 3:19 p.m., 2 views

podman: Podman kube play command may overwrite host files

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

CVSS 8.1 | AI score 5.8 | EPSS 0.00086
Exploits: 0 | References: 6
Microsoft KB
added 2025/09/09 7:0 a.m., 8 views

Description of the security update for SharePoint Server 2016 Language Pack: September 09, 2025 (KB5002777)

Description of the security update for SharePoint Server 2016 Language Pack: September 09, 2025 (KB5002777) Summary Important: Prior to installing this Cumulative Update, if you're running the 2013 Style Workflows, you must install the August 2025 patch for SharePoint Workflow manager to you...

CVSS 7.1 | AI score 6 | EPSS 0.00226
Exploits: 0
Positive Technologies
added 2025/08/09 12:0 a.m., 4 views

PT-2025-32437 · Byd · Byd Dilink 3.0 Os

Name of the Vulnerable Software and Affected Versions: BYD DiLink 3.0 OS (affected versions not specified). Description: An incorrect encryption implementation exists in the system log dump feature. An attacker with physical access to the vehicle can bypass the encryption of log dumps on the...

CVSS 5.1 | AI score 6.6 | EPSS 0.00076
Exploits: 0 | References: 5
RedhatCVE
added 2025/05/23 7:23 a.m., 4 views

CVE-2024-26148

Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can...

CVSS 6.1 | AI score 6.4 | EPSS 0.00317
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 3:55 a.m., 5 views

CVE-2023-34238

Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the __file-code-frame and __original-stack-frame paths, exposed when running the Gatsby develop server (gatsby develop). Any file in scope o...

CVSS 5.3 | AI score 6.7 | EPSS 0.00632
Exploits: 1
SUSE CVE
added 2025/02/27 3:9 a.m., 1 views

SUSE CVE-2022-49285

In the Linux kernel, the following vulnerability has been resolved: iio: accel: mma8452: use the correct logic to get mma8452_data The original logic to get mma8452_data is wrong, the dev point to the device belong to iio_dev. we can't use this dev to find the correct i2c_client. The original logic...

CVSS 5.5 | AI score 7.8 | EPSS 0.00034
Exploits: 0 | References: 9
F5 Networks
added 2025/02/05 2:41 p.m., 38 views

K000149540: Quarterly Security Notification (February 2025)

Security Advisory Description On February 5, 2025, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. You can wat...

CVSS 8.9 | AI score 6.6 | EPSS 0.66177
Exploits: 2
Github Security Blog
added 2024/11/22 8:27 p.m., 33 views

Sentry improper error handling leaks Application Integration Client Secret

Impact During routine testing, we identified a scenario where a specific error message generated by our platform could include a plaintext Client ID and Client Secret for an application integration. The Client ID and Client Secret would not be displayed in the UI, but would be returned in the...

CVSS 5.3 | AI score 5.6 | EPSS 0.00278
Exploits: 0 | References: 6 | Affected Software: 1
F5 Networks
added 2024/10/16 1:36 p.m., 14 views

K000141302: Quarterly Security Notification (October 2024)

Security Advisory Description On October 16, 2024, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. You can wat...

CVSS 8.6 | AI score 6.9 | EPSS 0.00759
Exploits: 1