
3305 matches found

Tenable Nessus
added 2026/05/09 12:00 a.m. | 7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-016790)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016790 advisory. An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. FilteredRelation is subject to SQL injection in column aliases via control...

5.4 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits: 0 | References: 4
OSV
added 2026/05/08 11:33 p.m. | 0 views

GHSA-7F3R-GWC9-2995 view_component: Preview Route Can Dispatch Inherited Helper Methods

Summary: The preview route derives an example name from the URL and calls it with public_send. The code does not verify that the requested method is one of the preview examples explicitly defined by the preview class. As a result, inherited public methods on ViewComponent::Preview are...

6.5 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits: 0 | References: 3
Github Security Blog
added 2026/05/08 11:33 p.m. | 6 views

view_component: Preview Route Can Dispatch Inherited Helper Methods

Summary: The preview route derives an example name from the URL and calls it with public_send. The code does not verify that the requested method is one of the preview examples explicitly defined by the preview class. As a result, inherited public methods on ViewComponent::Preview are...

6.5 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Packet Storm News
added 2026/05/08 12:00 a.m. | 7 views

Forensic Analysis of Video Data Deletion and Recovery in Honeywell Surveillance File System

Real-time video surveillance systems store recorded video using digital video recorders (DVRs) and network video recorders (NVRs). To support continuous high-volume video storage, these devices employ specialized, nonstandard file systems that are often proprietary and undocumented. This lack of...

5.8 AI score
Exploits: 0
RubySec
added 2026/05/08 12:00 a.m. | 6 views

view_component - Preview Route Can Dispatch Inherited Helper Methods

The preview route derives an example name from the URL and calls it with public_send. The code does not verify that the requested method is one of the preview examples explicitly defined by the preview class. As a result, inherited public methods on ViewComponent::Preview are route-reachable. The...

6.5 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2026/05/08 12:00 a.m. | 3 views

RedwoodSDK Cross-Site Request Forgery Vulnerability

RedwoodSDK is an open-source React-based server-first web application framework developed by RedwoodJS. Versions of RedwoodSDK from 1.0.0-beta.50 to 1.2.3 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the use of HTTP methods on the server without source...

5.3 CVSS | 5.7 AI score | 0.00017 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/08 12:00 a.m. | 8 views

PT-2026-39302

Name of the Vulnerable Software and Affected Versions: view_component versions 3.0.0 through 4.8.x. Description: The preview route derives an example name from the URL and invokes it using public_send without verifying if the requested method is an explicitly defined preview example. This allows...

6.5 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits: 0 | References: 5
Vulnrichment
added 2026/05/07 8:38 p.m. | 5 views

CVE-2026-42047 Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods

Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the...

8.6 CVSS | 5.8 AI score | 0.00048 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/05/07 8:38 p.m. | 24 views

CVE-2026-42047 Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods

Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the...

8.6 CVSS | 0.00048 EPSS
Exploits: 0 | References: 2
CVE
added 2026/05/07 8:38 p.m. | 10 views

CVE-2026-42047

Inngest CVE-2026-42047 affects the TypeScript SDK versions 3.22.0–3.53.1. A change in 3.22.0 made the serve() HTTP handler’s diagnostic response expose process.env contents when unhandled methods PATCH, OPTIONS, or DELETE are used, allowing exfiltration of secrets, API keys, or credentials if the...

8.6 CVSS | 5.8 AI score | 0.00048 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2026/05/07 4:16 p.m. | 6 views

CVE-2026-5788

An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods...

9.8 CVSS | 0.00251 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/07 3:29 p.m. | 7 views

CVE-2026-5788

An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods...

7 CVSS | 6 AI score | 0.00251 EPSS
Exploits: 0 | References: 1
CVE
added 2026/05/07 3:29 p.m. | 8 views

CVE-2026-5788

CVE-2026-5788 affects Ivanti Endpoint Manager Mobile (EPMM). Affected versions before 12.6.1.1, 12.7.0.1, and 12.8.0.1 suffer an improper access control that allows a remote unauthenticated attacker to invoke arbitrary methods. Ivanti’s May 2026 advisory and ENISA/NCSC references confirm these ve...

9.8 CVSS | 6 AI score | 0.00251 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/05/07 3:29 p.m. | 4 views

CVE-2026-5788

An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods...

7 CVSS | 6 AI score | 0.00251 EPSS
Exploits: 0 | References: 2
Snyk
added 2026/05/07 3:54 a.m. | 4 views

Arbitrary Code Injection

Overview: org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the proxy trap methods in createBridge in the bridge handler code. An attacker can leak a handler...

10 CVSS | 6.2 AI score | 0.00061 EPSS
Exploits: 1 | References: 2
CNNVD
added 2026/05/07 12:00 a.m. | 5 views

inngest-js Information Disclosure Vulnerability

Inngest-js is an open-source framework developed by Inngest, designed to support various serverless platforms. It serves as a reliable event-driven and background task execution framework. Versions 3.22.0 to 3.53.1 of Inngest-js contain a vulnerability related to information leakage. This...

8.6 CVSS | 5.9 AI score | 0.00048 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/07 12:00 a.m. | 6 views

PT-2026-38455

Name of the Vulnerable Software and Affected Versions: Ivanti EPMM versions prior to 12.6.1.1; Ivanti EPMM versions prior to 12.7.0.1; Ivanti EPMM versions prior to 12.8.0.1. Description: Improper Access Control allows a remote unauthenticated attacker to invoke arbitrary methods. Recommendations: Upda...

9.8 CVSS | 6 AI score | 0.00251 EPSS
Exploits: 0 | References: 8
Snyk
added 2026/05/05 6:13 p.m. | 8 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview: inngest is an Official SDK for Inngest.com. Inngest is the reliability layer for modern applications. Inngest combines durable execution, events, and queues into a zero-infra platform with built-in observability. Affected versions of this package are vulnerable to Exposure of Sensitive...

8.7 CVSS | 5.8 AI score | 0.00048 EPSS
Exploits: 0 | References: 2
Veracode
added 2026/05/05 6:24 a.m. | 5 views

Code Injection

Apache ActiveMQ is vulnerable to Code Injection. The vulnerability is due to improper input validation and improper control of generation of code, where an attacker can construct a malicious broker name that bypasses name validation to include an xbean binding, and then use the DestinationView...

8.8 CVSS | 6.4 AI score | 0.00073 EPSS
Exploits: 0 | References: 2 | Affected Software: 3
Positive Technologies
added 2026/05/04 12:00 a.m. | 5 views

PT-2026-36737

Name of the Vulnerable Software and Affected Versions: GV-VMS V20. Description: The WebCam Server feature in GV-VMS allows remote access to management and monitoring via a web interface. The gvapi endpoint utilizes a custom authentication mechanism supporting Basic and Digest modes. A stack overflow...

10 CVSS | 6.3 AI score | 0.00201 EPSS
Exploits: 0 | References: 14