291 matches found
CVE-2026-7652
The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0 This is due to the saveconnectedwordpressuser function propagating a LatePoint customer's email address to it...
CVE-2026-42077
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists...
PT-2026-36855
Name of the Vulnerable Software and Affected Versions Evolver versions prior to 1.69.3 Description A prototype pollution issue in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The flaw occurs...
lodash: lodash: Arbitrary code execution via untrusted input in template imports
A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in .template but did not apply the same validation to options.imports key names. Both paths flow into the same Function constructor sink. Additionally, .template uses assignInWith to merge imports, whi...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006929)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006929 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents When merging very long extents we try to push as muc...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011195)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011195 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents When merging very long extents we try to push as muc...
Pretext: Algorithmic Complexity (DoS) in the text analysis phase
isRepeatedSingleCharRun in src/analysis.ts line 285 re-scans the entire accumulated segment on every merge iteration during text analysis, producing On² total work for input consisting of repeated identical punctuation characters. An attacker who controls text passed to prepare can block the main...
PT-2026-30898
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not take the limit user customer visibility parameter into account when merging customers. This vulnerability is fixed in 1.8.212...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from mm mseal failing to correctly update the end address during the merging of VMA sections,...
When Safe Models Merge into Danger: Exploiting Latent Vulnerabilities in LLM Fusion
Model merging has emerged as a powerful technique for combining specialized capabilities from multiple fine-tuned LLMs without additional training costs. However, the security implications of this widely-adopted practice remain critically underexplored. In this work, we reveal that model merging...
PT-2026-28612
Name of the Vulnerable Software and Affected Versions MikroORM versions prior to 6.6.10 MikroORM versions prior to 7.0.6 Description A flaw exists in the Utils.merge helper within MikroORM that does not prevent the use of special keys like proto , constructor, and prototype during object merging...
[SECURITY] Fedora 42 Update: samtools-1.23.1-1.fc42
SAM Sequence Alignment/Map is a flexible generic format for storing nucleotide sequence alignment. SAM Tools provide various utilities for manipulating alignments in the SAM format, including sorting, merging, indexing and generating alignments in a per-position format...
[SECURITY] Fedora 44 Update: samtools-1.23.1-1.fc44
SAM Sequence Alignment/Map is a flexible generic format for storing nucleotide sequence alignment. SAM Tools provide various utilities for manipulating alignments in the SAM format, including sorting, merging, indexing and generating alignments in a per-position format...
CVE-2021-27452
The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E all firmware versions prior to v04A00.1...
Argo Workflows: WorkflowTemplate Security Bypass via podSpecPatch in Strict/Secure Reference Mode
Summary A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in their Workflow submission. This works even when the controller is configured with templateReferencing: Strict, which is specifically documented as...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005622)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005622 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents When merging very long extents we try to push as muc...
CVE-2025-33239
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
Arbitrary Code Injection
Overview megatron-bridge is a Megatron Bridge: Training Recipes for Megatron-based LLM and VLM models Affected versions of this package are vulnerable to Arbitrary Code Injection via the data merging tutorial process. An attacker can execute arbitrary code, escalate privileges, disclose sensitive...
CVE-2025-33239
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...
CVE-2025-33239
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...