Speakr 安全漏洞

Speakr is a self-hosted AI transcription and smart note platform developed by Murtaza Nasir. Versions of Speakr prior to 0.8.20-alpha contained a security vulnerability. This vulnerability stemmed from the use of urljoin before parsing in the issafeurl validation function. The controller directly...

CVE-2026-33845 affecting package gnutls for versions less than 3.8.3-9

CVE-2026-33845 affecting package gnutls for versions less than 3.8.3-9. A patched version of the package is available...

PT-2026-40305

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

CVE-2026-0966 affecting package libssh for versions less than 0.10.6-7

CVE-2026-0966 affecting package libssh for versions less than 0.10.6-7. A patched version of the package is available...

Bitrix24 代码问题漏洞

Bitrix24 is an enterprise social platform developed by the American company Bitrix. This platform includes features such as online communication, calendar management, and CRM Customer Relationship Management. Versions of Bitrix24 prior to 25.100.300 contained a code vulnerability. This...

systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data

A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication IPC API call with spurious data. In older versions v249 and earlier, this can lead to stack overwriting with attacker-controlled content,...

Django 安全漏洞

Django is a set of open-source web frameworks based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions of Django prior to 6.0.5 and 5.2.14 contained security vulnerabilities. These...

Astra Linux - уязвимость в imagemagick

In the CropImage and CropImageToTiles routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets were causing undefined behavior, including integer overflow and out-of-range values, as reported by UndefinedBehaviorSanitizer. Such issues could negatively...

CVE-2026-41305

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape tags,...

Kirby 安全漏洞

Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 have security vulnerabilities. These vulnerabilities stem from the fact that the changeStatus permission does not take effect during page creation. This could allow authenticated...

CVE-2026-40244

OpenEXR exposed an integer overflow in the DWA setupChannelData path. In versions 3.4.0–3.4.9, 3.3.0–3.3.9, and 3.2.0–3.2.7, internal_dwa_compressor.h:1722 performs curc->width * curc->height using int32 arithmetic without a size_t cast, creating an overflow condition. A fix has been applie...

DjangoBlog 安全漏洞

DjangoBlog is a blog system developed by liangliangyy using Django. Versions of DjangoBlog 2.1.0.0 and earlier have security vulnerabilities. These vulnerabilities stem from incorrect handling of the oauthid parameter in the oauth/views.py file, which may lead to improper authorization...

CVE-2026-41242 protobufjs has an arbitrary code execution issue

protobufjs compiles protobuf definitions into JavaScript JS functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the...

PT-2026-32727

A stored cross-site scripting XSS vulnerability was identified in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing, allowing JavaScript execution in the viewer's browser context. Impact - Stored XSS via mail...

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-19 contained security vulnerabilities; these vulnerabilities were due to a heap write overflow in t...

wasmtime 安全漏洞

Wasmtime is a lightweight WebAssembly runtime open source by the Bytecode Alliance. Versions prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1 of Wastime have security vulnerabilities. These vulnerabilities arise from the use of Cranelift for compiling f64x2.splat WebAssembly instructions on x86-64...

pyLoad 安全漏洞

pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev97 contained security vulnerabilities. These vulnerabilities stemmed from the use of incorrect option names in the ADMINONLYCOREOPTIONS authorization set within the setconfigvalue function. As a...

Workbench 跨站脚本漏洞

Workbench is an open-source web tool suite for managing Salesforce data and metadata, developed by Force.com. Versions of Workbench prior to 65.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-type cross-site scripting vulnerability in the...

Haraka 安全漏洞

Haraka is an open-source SMTP email server developed by Haraka. Versions of Haraka prior to 3.1.4 contained security vulnerabilities. These vulnerabilities occurred when sending emails with proto as the header name, which could lead to the crash of the working process...

Spring Security 安全漏洞

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. There are security vulnerabilities in Spring Security versions 4.0.3 and earlier, 3.5.11 and earlier, 3.4.14 and earlier, 3.3.17 and earlier, and 2.7.31 and earlier. The...