2728 matches found
IPFire Cross-Site Scripting Vulnerability
IPFire is an open-source Linux distribution developed by the IPFire organization. It is primarily used as a router and firewall. Version 127 of IPFire 2.21 Core Update contains a cross-site scripting vulnerability. This vulnerability stems from insufficient validation of VPN configuration...
golang security update
1.25.7-1 - Rebase to latest rhel-10-main 170a5b7e084...
Bosch Infotainment ECU Security Vulnerability
The Bosch Infotainment ECU is an in-car entertainment system developed by the German company Bosch. There is a security vulnerability in the Bosch Infotainment ECU. This vulnerability stems from a flaw in the V850 side processing custom protocol requests. It may allow attackers to execute code on...
UBUNTU-CVE-2026-23119
In the Linux kernel, the following vulnerability has been resolved: bonding: provide a net pointer to __skb_flow_dissect. After 3cbf4ffba5ee ("net: plumb network namespace into __skb_flow_dissect") we have to provide a net pointer to __skb_flow_dissect, either via skb->dev, skb->sk, or a user provided pointer. In...
CVE-2026-23099
In the Linux kernel, the following vulnerability has been resolved: bonding: limit BOND_MODE_8023AD to Ethernet devices. BOND_MODE_8023AD makes sense for ARPHRD_ETHER only. syzbot reported: BUG: KASAN: global-out-of-bounds in __hw_addr_create net/core/dev_addr_lists.c:63 [inline] BUG: KASAN: global-out-of-boun...
CVE-2026-25154
LocalSend is a free, open-source app that allows users to share files and messages with nearby devices over their local network without needing an internet connection. In versions up to and including 1.17.0, when a user initiates a "Share via Link" session, the LocalSend application starts a loca...
Pragyan CMS 3.0 Blind SQL Injection
A critical blind SQL injection vulnerability exists in Pragyan CMS version 3.0 and earlier, affecting the main index endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older research...
CVE-2026-25154 LocalSend has Stored XSS in Web Share Interface via Filename
LocalSend is a free, open-source app that allows users to share files and messages with nearby devices over their local network without needing an internet connection. In versions up to and including 1.17.0, when a user initiates a "Share via Link" session, the LocalSend application starts a loca...
PT-2026-5495
Name of the Vulnerable Software and Affected Versions: LocalSend versions up to and including 1.17.0. Description: LocalSend is an application enabling file and message sharing with nearby devices on a local network, without internet access. When a user initiates a "Share via Link" session, the...
NewStart CGSL MAIN 6.06 : python-setuptools Vulnerability (NS-SA-2025-0240)
The remote NewStart CGSL host, running version MAIN 6.06, has python-setuptools packages installed that are affected by a vulnerability: - A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These...
CVE-2026-1470
CVE-2026-1470 affects n8n: a critical Remote Code Execution in the workflow Expression evaluation system where expressions from authenticated users are evaluated in a runtime context that isn’t sufficiently isolated. This allows an authenticated attacker to execute arbitrary code with the n8n pro...
[SECURITY] Fedora 43 Update: mingw-libsoup-2.74.3-16.fc43
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...
Spring AI Agentic Patterns (Part 4): Subagent Orchestration
Instead of one generalist agent doing everything, delegate to specialized agents. This keeps context windows focused—preventing the clutter that degrades performance. Task tool, part of the spring-ai-agent-utils toolkit, is a portable, model-agnostic Spring AI implementation inspired by Claude...
ROS-20260126-73-0042
A vulnerability in the tls_main.c component of the Linux operating system kernel is related to insufficient input data validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-26988)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26988 advisory. - In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential...
CVE-2025-56451
Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative Management Software 7.0 via the topValue parameter to the seeyon/main.do endpoint...
EUVD-2025-206297
Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative Management Software 7.0 via the topValue parameter to the seeyon/main.do endpoint...
Seeyon Zhiyuan A8+ security vulnerabilities
Seeyon Zhiyuan A8+ is a collaborative management software developed by the Chinese company Seeyon. Version 7.0 of Seeyon Zhiyuan A8+ contains a security vulnerability. This vulnerability stems from improper handling of the topValue parameter in the seeyon/main.do endpoint, which may lead to...