CVE-2026-25787

Affected devices do not properly validate and sanitize Technology Object TO name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the...

CVE-2026-25787

CVE-2026-25787 affects Siemens devices with a web interface where the Technology Object (TO) name on the Motion Control Diagnostics page is not properly validated/sanitized. An authenticated user who is authorized to download a TIA project could inject malicious scripts into the page, and if anot...

Malicious code in 8oo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8c949ba1ac1cd3a6c96d3f1fc8c32cdc64cb9474fa07dd6633ebf4f69073a495 The package's main entry index.js executes an IIFE at require time that loads 66o.js, which replaces the global console with a Proxy. Every intercept...

Heym 安全漏洞

Heym is an open-source AI-native workflow automation platform developed by heymrun. Versions of Heym prior to 0.0.21 contained security vulnerabilities. These vulnerabilities stemmed from sandbox escape vulnerabilities in custom Python tool executors, which could allow authenticated workflow...

CVE-2023-30059

An insecure direct object reference in MK-Auth 23.01K4.9 allows an attacker to access and send support calls for other users by manipulating the chamado parameter via a crafted GET request. The documents do not provide details on exploited versions, specific vectors beyond the parameter manipulat...

CVE-2026-31229

The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...

CVE-2023-30059

An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request...

CVE-2026-31216

The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/objectname:path endpoint lacks authentication, authorization, and input validation mechanisms. Unauthenticated remote attackers can send craft...

PT-2026-40537

Name of the Vulnerable Software and Affected Versions protobufjs versions prior to 7.5.6 protobufjs versions prior to 8.0.2 Description protobufjs uses plain objects with inherited prototypes for internal type lookup tables within generated encode and decode functions. If Object.prototype is...

PT-2026-40279

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

PT-2026-39997

Name of the Vulnerable Software and Affected Versions multiparty versions 4.2.3 and earlier Description A denial of service occurs when a multipart/form-data request is sent with a field name that collides with an inherited Object.prototype property, such as proto , constructor, or toString. This...

Mk-Auth 安全漏洞

Mk-Auth is a Brazilian internet service provider management system developed by Mk-Auth company. It is used to control client access and permissions through a network interface panel. Version 23.01K4.9 of MK-Auth contains a security vulnerability caused by insecure direct object references. This...

PT-2026-40048

An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request...

ciguard 安全漏洞

Ciguard is a security auditing and visualization tool for CI/CD pipelines developed by Johannes Moore. Versions of Ciguard from 0.6.0 to 0.8.1 contain security vulnerabilities. These vulnerabilities stem from the SCa HTTP client’s use of json.loads without setting a maximum byte limit, which can...

CVE-2023-30059

An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request...

CVE-2026-43900 DeepChat: Persistent DOM XSS via HTML Entity Encoding in `<antArtifact>` SVG Rendering (Bypass of `svgSanitizer.ts`)

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting XSS vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer...

CVE-2026-43890 Outline: IDOR in subscriptions.create allows cross-tenant subscription on private documents (sibling of GHSA-23jj-rp48-w7q7)

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.7.0, the subscriptions.create API endpoint in server/routes/api/subscriptions/subscriptions.ts exhibits a broken authorization pattern. When both collectionId and documentId are supplied in the request, the route...

CVE-2026-43883 WWBN AVideo: IDOR in PayPalYPT agreementCancel.json.php Allows Any Authenticated User to Cancel Arbitrary PayPal Subscription Agreements

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/PayPalYPT/agreementCancel.json.php cancels a PayPal billing agreement using an attacker-supplied agreement parameter without verifying that the authenticated user owns the agreement. A low-privilege...

CVE-2026-42456

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace...

EUVD-2026-29104

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...