PT-2026-42246

A path traversal vulnerability exists in the Altium Enterprise Server Viewer StorageController due to improper handling of file path route parameters. On on-premise deployments that use local filesystem storage, a regular authenticated user can supply a URL-encoded absolute path such as an encode...

PT-2026-42100

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST USER LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present...

PT-2026-42112

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

Microsoft Internet Explorer Use-After-Free Vulnerability

Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product...

PT-2026-42269

Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F expression without validation unlike the regular AnalyticsEndpoint, which checks against an allowlist, causing ORM Field...

CVE-2026-6366

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

CVE-2026-6366

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

CVE-2026-6366

CVE-2026-6366 — Drupal core insecure gadget chain leading to object injection Affects Drupal core: 8.0.0–10.5.8, 10.6.0–10.6.6, 11.0.0–11.2.10, 11.3.0–11.3.7. The issue is an improperly controlled modification of dynamically-determined object attributes that enables a gadget chain when deserializ...

CVE-2026-6366 Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

CVE-2026-6366 Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

firefox: thunderbird: Use-after-free in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Core & HTML component...

firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the DOM: Device Interfaces component...

CVE-2026-39467

Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0...

CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...

APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

firefox: thunderbird: Use-after-free in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Core & HTML component...

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

WordPress Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Image Deletion vulnerability discovered by Bao Luu Gia Nguyen in WordPress Plugin NextGEN Gallery versions = 4.2.0...