7525 matches found

Positive Technologies
added 2026/04/22 12:0 a.m., 2 views

PT-2026-37153

Name of the Vulnerable Software and Affected Versions: i18next-fs-backend versions prior to 2.6.4. Description: i18next-fs-backend substitutes the lng and ns options directly into the configured loadPath and addPath templates to read or write files from the disk. Because this interpolation is...

CVSS 8.2, AI score 6, EPSS 0.00052
Exploits: 0, References: 4

CNNVD
added 2026/04/22 12:0 a.m., 5 views

PowerDNS DNSdist Input Validation Error Vulnerability

PowerDNS DNSdist is a proxy software provided by PowerDNS, which offers capabilities for DNS traffic load balancing and security protection. PowerDNS DNSdist has a vulnerability related to input validation errors. This vulnerability arises when clients may send a large number of precisely timed...

CVSS 6.5, AI score 5.8, EPSS 0.00003
Exploits: 0, References: 2

Tenable Nessus
added 2026/04/22 12:0 a.m., 3 views

openSUSE 16 Security Update : libraw (openSUSE-SU-2026:20574-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20574-1 advisory. - CVE-2026-5342: crafted TIFF/NEF file can cause an out-of-bounds read bsc1261499. - CVE-2026-20884: integer overflow vulnerability in the...

CVSS 9.8, AI score 6.3, EPSS 0.00078
Exploits: 7, References: 21

CNNVD
added 2026/04/22 12:0 a.m., 5 views

GitLab CE/EE Security Vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.11.1 contained a security...

CVSS 3.5, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 1

Tenable Nessus
added 2026/04/22 12:0 a.m., 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013423)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013423 advisory. A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel's BPF subsystem due to the way a...

CVSS 7.8, AI score 5.8, EPSS 0.00033
Exploits: 0, References: 3

Vulnrichment
added 2026/04/21 4:48 p.m., 2 views

CVE-2026-40570 FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Full Customer PII

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the load_customer_info action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...

CVSS 7.1, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 3

CVE
added 2026/04/21 4:48 p.m., 9 views

CVE-2026-40570

FreeScout prior to 1.8.213 exposes sensitive customer data. The load_customer_info action at POST /conversation/ajax returns full customer profile data to any authenticated user without mailbox-access verification, requiring only a valid email to retrieve PII. Affected version range is before 1.8...

CVSS 7.1, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 3

Cvelist
added 2026/04/21 4:48 p.m., 26 views

CVE-2026-40570 FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Full Customer PII

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the load_customer_info action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...

CVSS 7.1, EPSS 0.00047
Exploits: 0, References: 3

ATTACKERKB
added 2026/04/21 4:48 p.m., 1 views

CVE-2026-40570

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the load_customer_info action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...

CVSS 7.1, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 4, Affected Software: 1

Snyk
added 2026/04/21 3:4 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the loadimage and encodeimagebase64 functions in LMDeploy's vision-language module, which fetch URLs without validating whether the destination is an internal or private address. An attacker can acce...

CVSS 8.7, AI score 6, EPSS 0.08696
Exploits: 2, References: 2

OSV
added 2026/04/21 8:59 a.m., 3 views

CLSA-2026-1776761965 colord: Fix of CVE-2021-42523

CVE-2021-42523: fix memory leak in cddevicedbload and cdprofiledbload where sqlite3exec errormsg output was allocated but never freed...

CVSS 7.5, AI score 7.1, EPSS 0.00118
Exploits: 1, References: 1

CERT
added 2026/04/21 12:0 a.m., 4 views

Radware Alteon has a reflected XSS vulnerability that can execute JavaScript in the host browser

Overview: Radware Alteon has a reflected Cross-Site Scripting (XSS) vulnerability in the parameter ReturnTo of the route /protected/login. This vulnerability allows an attacker to execute JavaScript in the host browser. Description: CVE-2026-5754: Reflected Cross-Site Scripting (XSS) vulnerability in...

CVSS 6.1, AI score 6.5, EPSS 0.00011
Exploits: 0

CNNVD
added 2026/04/21 12:0 a.m., 4 views

FreeScout Security Vulnerability

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the load_customer_info operation in POST...

CVSS 7.1, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 1

Positive Technologies
added 2026/04/21 12:0 a.m., 3 views

PT-2026-34020

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the load customer info action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to...

CVSS 7.1, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 6

Positive Technologies
added 2026/04/21 12:0 a.m., 4 views

PT-2026-33982

Name of the Vulnerable Software and Affected Versions: ERB versions prior to 6.0.1.1; ERB versions prior to 6.0.4; ERB versions prior to 4.0.3.1; ERB versions prior to 4.0.4.1; Ruby versions prior to 4.0.3. Description: A deserialization guard bypass exists in ERB involving the init variable. This issue...

CVSS 8.1, AI score 5.8, EPSS 0.00048
Exploits: 0, References: 48

Tenable Nessus
added 2026/04/21 12:0 a.m., 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013002)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013002 advisory. In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstruct file type when loading from disk. syzbot is reporting that S_IFMT bits of...

AI score 5.7, EPSS 0.00058
Exploits: 0, References: 4

Tenable Nessus
added 2026/04/21 12:0 a.m., 3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013035)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013035 advisory. In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in dm_suspend. There is a race condition between dm device suspend...

AI score 5.6, EPSS 0.00057
Exploits: 0, References: 4

Virtuozzo
added 2026/04/21 12:0 a.m., 6 views

Virtuozzo Infrastructure 7.3 Hotfix 1 (7.3.0-177)

This update provides stability fixes. Vulnerability id: VSTOR-127496 Improved error messages for QEMU updates. Vulnerability id: VSTOR-128436 Creating a load balancer could fail with "Unable to find securitygroup". Vulnerability id: VSTOR-129065 Neutron could consume excessive memory when listing...

AI score 5.7
Exploits: 0

Positive Technologies
added 2026/04/21 12:0 a.m., 4 views

PT-2026-34048

https://t.co/sNLNjScHo3 verified an insecure deserialization bug in pycel = 1.0b30. @DirkGor It is now tracked as CVE-2026-30108. The payload executed during pickle.load before the object was rejected. pycel has 618 GitHub stars so far. https://t.co/WqAbLKo6Bi...

AI score 5.8
Exploits: 0, References: 2

Tenable Nessus
added 2026/04/21 12:0 a.m., 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011208)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011208 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/binfmt_elf: Fix memory leak in load_elf_binary. There is a memory leak reported by kmemleak:...

CVSS 5.5, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 4