EUVD-2026-18821

prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path traversal sequences. Attackers can exploit missing...

Vienna Assistant 1.2.542 Local Privilege Escalation

Vienna Assistant MacOS version 1.2.542 suffers from a missing validation vulnerability that allows for privilege escalation...

CVE-2026-21886

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...

CVE-2026-24068 Missing XPC Client & NSXPC endpoint validation leads to privilege escalation in Vienna Assistant (MacOS) - Vienna Symphonic Library

The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate clients at all. This means that any process can...

CVE-2026-24068 Missing XPC Client & NSXPC endpoint validation leads to privilege escalation in Vienna Assistant (MacOS) - Vienna Symphonic Library

The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate clients at all. This means that any process can...

CVE-2026-23636

Kiteworks Secure Data Forms (pre-9.2.1) is affected by CVE-2026-23636 due to missing validation in the file upload process, enabling an Unrestricted Upload of a File with a Dangerous Type by a form manager. Root cause: inadequate validation on uploads. Impact: potential integrity impact (I: High)...

SUSE-SU-2026:1012-1 Security update 5.0.7 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header parameter parsing algorithm bsc1254904...

PT-2026-28067

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

jsrsasign: Missing cryptographic validation during DSA signing enables private key extraction

Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature witho...

CVE-2026-32954

ERP is a free/open-source Enterprise Resource Planning tool. Versions prior to 15.100.0 and 16.8.0 contain time-based and boolean-based blind SQL injection in certain endpoints due to insufficient parameter validation, enabling attackers to infer database information. The issue is fixed in versio...

CVE-2026-32954 ERP has a possibility SQL Injection vulnerability due to missing validation

ERP is a free and open source Enterprise Resource Planning tool. In versions prior to 16.8.0 and 15.100.0, certain endpoints were vulnerable to time-based and boolean-based blind SQL injection due to insufficient parameter validation, allowing attackers to infer database information. This issue h...

CVE-2026-32816 Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the delete, activate, and deactivate modes in modules/groups-roles/groupsroles.php perform destructive state changes on organizational roles but never validate an anti-CSRF token. The client-side UI passes a CSRF...

GHSA-9X67-F2V7-63RW AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy

Summary The plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL, but only checks the initial URL. When the initial URL responds with an HTTP redirect Location header, the redirect target is fetched via fakeBrowser without...

CVE-2026-1870

The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7...

Doom Launcher 安全漏洞

Doom Launcher is a game launcher and resource manager developed by Nick personally. Version 3.8.1.0 of Doom Launcher has a security vulnerability. This vulnerability stems from the lack of file path validation during the extraction of game files, which may lead to directory traversal attacks...

CVE-2026-1870

The Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing validation checks on the 'thim-ekit/archive-course/get-courses' REST endpoint callback function in all versions up to, and including, 1.3.7...

GHSA-R353-4845-PR5P simplesamlphp/xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

Summary XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts...

EUVD-2026-12093

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service DoS vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler...

GHSA-HVWJ-8W5G-28RG SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization

SGLangs replayrequestdump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script...

SUSE SLED15 / SLES15 Security Update : python-tornado (SUSE-SU-2026:0838-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0838-1 advisory. This update for python-tornado fixes the following issue: - CVE-2025-67724: missing validation of the supplied reason...