3264 matches found
CVE-2026-45792
rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.32.0, RTK (Rust Token Killer) improperly trusts project-local configuration files. RTK automatically loads .rtk/filters.toml from the working directory with highest priority and without user notification. An...
CVE-2026-46892
Vulnerability in the JD Edwards EnterpriseOne Human Resources Management product of Oracle JD Edwards (component: Human Resources). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...
CVE-2026-53835
OpenClaw (pre-2026.5.6) contains a configuration enforcement bypass in Feishu dynamic-agent bindings. The flaw allows authenticated senders to create or update bindings without honoring configured config-write controls, enabling changes to sender-agent binding state beyond policy. Affected compon...
Cerebrate Security Vulnerability
Cerebrate is an open-source platform developed by Cerebrate. It serves as an interconnected coordinator for trusted contact information providers and other security tools. Prior to version 1.37 of Cerebrate, there were security vulnerabilities. These vulnerabilities stemmed from CRUD editing...
CVE-2026-11884
A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the ocsuperior SUP field length is omitted from buffer size calculations in readschemadse and schemaoctostring, but the field is still written via strcat. An attacker with Directory Manager...
NETGEAR Routers Code Injection Vulnerability
NETGEAR Routers are a series of routers produced by NETGEAR, a company in the United States. NETGEAR Routers have a code injection vulnerability, which stems from insufficient input validation in the rbe970 model. This vulnerability could allow administrators who are connected to the local networ...
NETGEAR Multiple Products Security Vulnerability
NETGEAR RBR850 is a product of the NETGEAR company. The NETGEAR RBR850 is a router. The NETGEAR RBS850 is also a router. The NETGEAR RBS750 is another router. Several NETGEAR products have security vulnerabilities. These vulnerabilities stem from insufficient buffer input validation, which may...
NETGEAR JR6150 Input Validation Error Vulnerability
NETGEAR JR6150 is a wireless router produced by NETGEAR Corporation. The NETGEAR JR6150 has a vulnerability related to input validation. This vulnerability stems from insufficient input validation, which may allow administrators connected to the local network to make unauthorized modifications to...
CVE-2025-31974
HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes...
CVE-2026-44925
Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge...
CVE-2026-5943
Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information...
EUVD-2026-33825
Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications...
CVE-2026-25260
Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications...
CVE-2026-25260
CVE-2026-25260 describes a memory corruption vulnerability in Qualcomm components caused by accessing shared buffers without validating concurrent user-mode input modifications. The NVD entry lists CVSS v3.1: 7.8 (HIGH) with LOCAL attack vector, low complexity, and low privileges required, with n...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a series of chipsets developed by Qualcomm Incorporated. There is a security vulnerability in Qualcomm Chipsets, which stems from concurrent modifications to user-space buffer areas, leading to memory corruption when processing IOCTL requests with mismatched API versions...
Qualcomm Chipsets Access Control Error Vulnerability
Qualcomm Chipsets are a series of chipsets developed by Qualcomm Incorporated in the United States. Qualcomm Chipsets contain an access control vulnerability, which stems from encryption issues during the processing of partition table entries. This vulnerability may allow unauthorized modification...
OpenClaw Security Vulnerability
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 contained security vulnerabilities. These vulnerabilities stemmed from a range-bypass vulnerability in the Gateway chat.send route, allowing clients with restricted ranges to...
Oracle REST Data Services Security Vulnerability
Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services have security vulnerabilities. These vulnerabilities stem...
Operation on a Resource after Expiration or Release
Overview: Affected versions of this package are vulnerable to Operation on a Resource after Expiration or Release due to the failure to enforce the PostEditTimeLimit in the post patch and update API endpoints. An attacker can alter file attachments, properties, and pin status of posts after the...
CVE-2026-4053 post edit time limit is not enforced on some post update operations
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints...