CVE-2025-7389

CVE-2025-7389 describes a vulnerability in the OpenEdge AdminServer component where authenticated users could gain OS-level access and read arbitrary host files via misused methods exposed through the RMI interface, specifically the prototypes like setFile() and openFile() . The issue hinges on t...

JLSEC-2026-110 Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables

Summary The Deno.env.toObject method ignores any variables listed in the --deny-env option of the deno run command. When looking at the documentation of the --deny-env option this might lead to a false impression that variables listed in the option are impossible to read. PoC export...

Exploit for CVE-2026-22692

CVE-2026-22692: Critical Twig Sandbox Bypass via collect-ma...

CVE-2025-69993

Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...

PT-2026-32628

Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...

Progress OpenEdge 安全漏洞

Progress OpenEdge is an enterprise-level application development and database management platform provided by the American company Progress. There is a security vulnerability in Progress OpenEdge, which stems from improper authorization in the AdminServer component. This vulnerability could allow...

SUSE CVE-2026-31421

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsfw: fix NULL pointer dereference on shared blocks The old-method path in fwclassify calls tcfblockq and dereferences q-handle. Shared blocks leave block-q NULL, causing a NULL deref when an empty clsfw filter is...

CVE-2026-1116

A Cross-site Scripting XSS vulnerability was identified in the fromdict method of the AppLollmsMessage class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the content field when deserializing user-provided data. This allows a...

CVE-2025-69627

Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc. During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper...

EUVD-2026-21945

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsfw: fix NULL pointer dereference on shared blocks The old-method path in fwclassify calls tcfblockq and dereferences q-handle. Shared blocks leave block-q NULL, causing a NULL deref when an empty clsfw filter is...

CVE-2026-31421

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsfw: fix NULL pointer dereference on shared blocks The old-method path in fwclassify calls tcfblockq and dereferences q-handle. Shared blocks leave block-q NULL, causing a NULL deref when an empty clsfw filter is...

CVE-2026-31421 net/sched: cls_fw: fix NULL pointer dereference on shared blocks

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsfw: fix NULL pointer dereference on shared blocks The old-method path in fwclassify calls tcfblockq and dereferences q-handle. Shared blocks leave block-q NULL, causing a NULL deref when an empty clsfw filter is...

CVE-2026-31421

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsfw: fix NULL pointer dereference on shared blocks The old-method path in fwclassify calls tcfblockq and dereferences q-handle. Shared blocks leave block-q NULL, causing a NULL deref when an empty clsfw filter is...

CVE-2026-31421

CVE-2026-31421 – Linux kernel net/sched cls_fw NULL pointer dereference . Root cause: in fw_classify(), the old-method path uses tcf_block_q() and dereferences q->handle; for shared blocks, block->q is NULL, causing a NULL pointer dereference when a nonzero skb is classified. The fix preven...

CVE-2026-5085

Solstice::Session versions through 1440 for Perl generates session ids insecurely. The generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to the built-in rand function and the process id. The same method is used in the generateID method in...

Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2026-1581)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1581 advisory. Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus- utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute...

Linux Distros Unpatched Vulnerability : CVE-2026-31421

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: clsfw: fix NULL pointer dereference on shared blocks The old-method path in fwclassify calls tcfblockq and dereferences q-handle. Shared blocks leave...

CVE-2026-1116 Cross-site Scripting (XSS) in parisneo/lollms

A Cross-site Scripting XSS vulnerability was identified in the fromdict method of the AppLollmsMessage class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the content field when deserializing user-provided data. This allows a...

CVE-2026-1116

CVE-2026-1116 affects parisneo/lollms, specifically the AppLollmsMessage.from_dict deserialization path. The issue arises from insufficient sanitization/HTML encoding of the content field when processing user-provided data, leading to a Cross-site Scripting (XSS) vulnerability in versions prior t...

LoLLMs 跨站脚本漏洞

LoLLMs is a large language and multimodal system personally developed by Saifeddine ALOUI. Versions of LoLLMs prior to 2.2.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fromdict method in the AppLollmsMessage class, which did not clean or encode the content...