CVE-2026-42605 AzuraCast: Path Traversal in `currentDirectory` Parameter Enables Remote Code Execution via Media Upload

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js media upload endpoint POST /api/station/stationid/files/upload is not sanitized for path traversal sequences. When combined with a local filesystem...

CVE-2026-8194 osTicket Dispatcher class.dispatcher.php cross-site request forgery

A security vulnerability has been detected in osTicket up to 1.18.3. Impacted is an unknown function of the file include/class.dispatcher.php of the component Dispatcher. The manipulation of the argument method leads to cross-site request forgery. Remote exploitation of the attack is possible. Th...

CVE-2026-42333 quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security...

CVE-2026-8191

A vulnerability was identified in Wavlink NU516U1 M16U1V240425. This affects the function wifiregion of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os command injection. The attack can be launched remotely. The exploit is publicly available and might ...

CVE-2026-8188

A vulnerability has been found in Wavlink NU516U1 M16U1V240425. Affected is the function changewifipassword of the file /cgi-bin/adm.cgi. The manipulation of the argument wlchannel/wlPass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit has bee...

SUSE CVE-2026-43200

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix swapped parameters in pciprimary/secondaryepcepfunlink functions struct configfsitemoperations callbacks are defined like the following: int allowlinkstruct configitem src, struct configitem target; void...

CVE-2026-8125

A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parameter validity results in sql injection. The attack may be launched remotely. The exploit is now...

CVE-2026-36458

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

CVE-2026-8128

A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made...

CVE-2026-8115

A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The...

CVE-2024-33724

SOPlanning 1.52.00 is vulnerable to Cross Site Scripting XSS via the groupeid parameter to process/groupesave.php...

CVE-2026-6667

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILLCLIENT admin command. All users with access to the administration console which itself requires authorization could run this command. It would have been correct to allow only users listed in the adminusers...

Plainpad 安全漏洞

Plainpad is a self-hosted note-taking application by the individual developer Alex Tselegidis. A security vulnerability exists in Plainpad versions prior to 1.1.1, which stems from allowing a low-privileged user to self-elevate to administrator via the admin parameter in a PUT request, potentiall...

PgBouncer 安全漏洞

PgBouncer is an open-source, lightweight connection pool for PostgreSQL developed by the PgBouncer community. Prior to version 1.25.2, PgBouncer had a security vulnerability. This vulnerability stemmed from insufficient authorization checks for the KILLCLIENT management command. As long as users...

Hex-Rays IDA Pro 参数注入漏洞

Hex-Rays IDA Pro is a professional reverse-engineering tool developed by the Belgian company Hex-Rays. It is used for disassembly and program analysis. Versions of Hex-Rays IDA Pro from 9.2 to 9.3sp2 contained a parameter injection vulnerability. This vulnerability stemmed from the lack of...

osTicket 跨站请求伪造漏洞

osTicket is a widely used and trusted open-source support ticket system by the osTicket company. Versions of osTicket prior to 1.18.3 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the handling of the method parameter in the Dispatcher component’s file...

Debian dsa-6259 : python-jwt-doc - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6259 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6259-1 [email protected] https://www.debian.org/security/...

ArchiveBox 参数注入漏洞

ArchiveBox is a powerful, open-source, and self-hosted internet archiving solution developed by ArchiveBox. It is designed for collecting, storing, and viewing websites that you want to save offline. ArchiveBox versions 0.8.6rc0 and earlier have a parameter injection vulnerability. This...

Unity Linux 20.1070e Security Update: expat (UTSA-2026-016783)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016783 advisory. libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. Tenable has extracted the preceding description block directly...

GitPython: Newline injection in config_writer() section parameter bypasses CVE-2026-42215 patch, enabling RCE via core.hooksPath

Summary The patch for CVE-2026-42215 GitPython 3.1.49 validates newlines only in the value parameter of setvalue. The section and option parameters are passed to configparser without any newline validation. An attacker who controls the section argument can inject \n to write arbitrary section...