54742 matches found

CVE
added 2026/01/23 3:28 a.m. | 35 views

CVE-2026-0766

Open WebUI contains a vulnerability in load_tool_module_by_id that allows remote code execution via command injection. The flaw comes from insufficient validation of a user-supplied string before it is used to execute Python code, enabling an attacker to run arbitrary code in the service account’...

8.8 CVSS | 6.5 AI score | 0.27227 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2026/01/23 3:1 a.m. | 34 views

CVE-2026-0787 ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability

ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific fl...

8.1 CVSS | 0.01278 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/23 3:1 a.m. | 2 views

CVE-2026-0787 ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability

ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific fl...

8.1 CVSS | 6.5 AI score | 0.01278 EPSS
Exploits: 0 | References: 1

SUSE CVE
added 2026/01/23 12:57 a.m. | 4 views

SUSE CVE-2025-12781

When passing data to the b64decode, standard_b64decode, and urlsafe_b64decode functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. Th...

3.3 CVSS | 5.5 AI score | 0.00513 EPSS
Exploits: 1 | References: 7

Snyk
added 2026/01/23 12:31 a.m. | 2 views

Authorization Bypass Through User-Controlled Key

Overview code.gitea.io/gitea/modules/git is a Go module to access Git through shell commands. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper validation of repository ownership in the delete process for Git LFS locks. An attacker c...

9.1 CVSS | 5.9 AI score | 0.00415 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/01/23 12:0 a.m. | 4 views

ALGO 8180 IP Audio Alerter: Operating System Command Injection Vulnerability

ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a vulnerability related to operating system command injection. This vulnerability stems from a lack of validation for user input strings in the SAC module, which may lead to remote code...

9.8 CVSS | 7.5 AI score | 0.01278 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/01/23 12:0 a.m. | 16 views

npm CLI security vulnerabilities

npm CLI is a package manager developed by the American company npm. There is a security vulnerability in npm CLI, which stems from loading modules from insecure locations, potentially leading to privilege escalation and the execution of arbitrary code...

7 CVSS | 7.5 AI score | 0.00248 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2026/01/23 12:0 a.m. | 6 views

CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

7 CVSS | 7.4 AI score | 0.00248 EPSS
Exploits: 0 | References: 2

Cvelist
added 2026/01/23 12:0 a.m. | 24 views

CVE-2025-52024

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...

0.00413 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/01/23 12:0 a.m. | 4 views

PCF security vulnerabilities

PCF is a policy control module developed under the open-source Free5GC project. Version 1.4.0 of PCF contains a security vulnerability, which stems from a null pointer dereferencing in the HandleDeletePoliciesPolAssoId function...

7.5 CVSS | 5.8 AI score | 0.00427 EPSS
Exploits: 1 | References: 3

CNNVD
added 2026/01/23 12:0 a.m. | 4 views

Open WebUI Code Injection Vulnerability

Open WebUI is an open-source, scalable, feature-rich, and user-friendly self-hosted WebUI. Open WebUI has a code injection vulnerability, which stems from the lack of validation for the string provided by users in the load_tool_module_by_id function. This vulnerability may lead to code injection and...

8.8 CVSS | 7.6 AI score | 0.27227 EPSS
Exploits: 1 | References: 1

CNNVD
added 2026/01/23 12:0 a.m. | 5 views

NRF security vulnerabilities

nrf is a network repository feature module developed by free5GC. Version 1.4.0 of nrf contains a security vulnerability. This vulnerability stems from the AccessTokenScopeCheck function, which bypasses all scope verifications when using a specially crafted targetNF value, potentially allowing acce...

9.1 CVSS | 5.8 AI score | 0.00307 EPSS
Exploits: 1 | References: 3

Packet Storm
added 2026/01/23 12:0 a.m. | 138 views

OpenKM Community Edition 6.3.10 Code Execution / LFI / SQL Injection

OpenKM Community Edition version 6.3.10 proof of concept Metasploit module that exploits local file inclusion, remote code execution, and SQL injection vulnerabilities...

6.1 AI score
Exploits: 0

CNNVD
added 2026/01/23 12:0 a.m. | 4 views

CPython security vulnerabilities

CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has a security vulnerability that stems from the email module’s improper handling of line breaks during email serialization, which may lead to header injection attacks...

6 CVSS | 6.8 AI score | 0.00737 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2026/01/23 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-0775

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected...

7 CVSS | 7.6 AI score | 0.00248 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/23 12:0 a.m. | 5 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004892)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004892 advisory. In the Linux kernel, the following vulnerability has been resolved: tpm: tpmcrb: Add the missed acpiputtable to fix memory leak In crbacpiadd, we get the TPM2 table ...

5.5 CVSS | 5.3 AI score | 0.00146 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/23 12:0 a.m. | 4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004830)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004830 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: fcoe: Fix transport not deattached when fcoeifinit fails fcoeinit calls...

5.5 CVSS | 6.1 AI score | 0.00149 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2026/01/22 8:22 p.m. | 5 views

CVE-2025-68141

EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a DCChargeLoopRes message that includes Receipt as well as TaxCosts, the vector taxcosts in the target Receipt structure is accessed out of bounds. This occurs in the method template void...

7.4 CVSS | 5.6 AI score | 0.00248 EPSS
Exploits: 1 | References: 1

EUVD
added 2026/01/22 6:50 p.m. | 7 views

EUVD-2022-54720

In the Linux kernel, the following vulnerability has been resolved: media: i2c: max9286: fix kernel oops when removing module When removing the max9286 module we get a kernel oops: Unable to handle kernel paging request at virtual address 000000aa00000094 Mem abort info: ESR = 0x96000004 EC = 0x2...

7.1 CVSS | 5.7 AI score | 0.00269 EPSS
Exploits: 0 | References: 5

OSV
added 2026/01/22 1:47 p.m. | 1 views

OPENSUSE-SU-2026:20081-1 Security update for python313

This update for python313 fixes the following issues: - Update to 3.13.11: - Security - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service bsc1254997 - CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response bsc1254400 -...

7.5 CVSS | 6.3 AI score | 0.01468 EPSS
Exploits: 0 | References: 15