582 matches found

RedhatCVE
added 2026/01/09 8:34 a.m., 3 views

CVE-2024-41656

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 24.7.1, an unsanitized payload sent by an Integration platform integration allows storing arbitrary HTML tags on the Sentry side, with their subsequent rendering on the Issues page...

CVSS 7.1, AI score 6.6, EPSS 0.04185
Exploits 0, References 1
Vulnrichment
added 2026/01/07 9:46 p.m., 2 views

CVE-2026-21689 iccDEV has Type Confusion in CIccProfileXml::ParseBasic() at IccXML/IccLibXML/IccProfileXml.cpp

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in CIccProfileXml::ParseBasic at...

CVSS 6.5, AI score 6.4, EPSS 0.00108
Exploits 1, References 3
OSV
added 2026/01/07 6:18 p.m., 2 views

CVE-2026-21856 Tarkov Data Manager has Authenticated SQL Injection

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time-based blind SQL injection vulnerability in the webhook edit and scanner API endpoints allows an authenticated attacker to execute arbitrary SQL queries against th...

CVSS 7.2, AI score 8, EPSS 0.00035
Exploits 1, References 4
CVE
added 2026/01/07 5:16 p.m., 6 views

CVE-2025-58441

Knowage (open source analytics/BI suite) prior to version 8.1.37 is affected by a blind server-side request forgery (SSRF). The issue allows an attacker to send requests to arbitrary hosts/paths, but cannot read responses, limiting direct impact. However, it could be used to scan internal network...

CVSS 6.5, AI score 6.5, EPSS 0.00032
Exploits 0, References 1, Affected Software 1
RedhatCVE
added 2026/01/07 9:16 a.m., 4 views

CVE-2025-68437

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, the Craft CMS GraphQL saveAsset mutation is vulnerable to Server-Side Request Forgery (SSRF). This vulnerability arises because the file input, specifically its url parameter,...

CVSS 5.9, AI score 7.1, EPSS 0.00016
Exploits 1, References 1
OSV
added 2026/01/06 7:07 p.m., 4 views

CVE-2026-21491 iccDEV has unicode buffer overflow in CIccTagTextDescription

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It...

CVSS 6.1, AI score 7, EPSS 0.00016
Exploits 1, References 6
EUVD
added 2026/01/05 5:44 p.m., 2 views

EUVD-2025-206246

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. An authenticated user with low privileges e.g....

CVSS 9.4, AI score 5.1, EPSS 0.00047
Exploits 1, References 1
RedhatCVE
added 2026/01/03 12:33 a.m., 4 views

CVE-2025-15418

A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function ogs_gtp2_parse_bearer_qos in the library lib/gtp/v2/types.c of the component Bearer QoS IE Length Handler. Performing a manipulation results in denial of service. The attack must be initiated fr...

CVSS 5.5, AI score 4.2, EPSS 0.00035
Exploits 1, References 1
Positive Technologies
added 2026/01/01 12:00 a.m., 1 view

PT-2026-1033

Name of the Vulnerable Software and Affected Versions: Open5GS versions through 2.7.6. Description: A flaw exists in Open5GS related to the sgwc_s11_handle_create_session_request function within the GTPv2-C F-TEID Handler component, specifically in the file src/sgwc/s11-handler.c. Manipulation of th...

CVSS 5.5, AI score 6.2, EPSS 0.00035
Exploits 1, References 12
Cvelist
added 2025/12/26 9:51 p.m., 22 views

CVE-2025-68697 Self-hosted n8n has Legacy Code node that enables arbitrary file read/write

n8n is an open source workflow automation platform. Prior to version 2.0.0, in self-hosted n8n instances where the Code node runs in legacy non-task-runner JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node...

CVSS 7.1, EPSS 0.00017
Exploits 0, References 1
NVD
added 2025/12/26 5:16 a.m., 2 views

CVE-2025-8075

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to perform XSS in the user's browser. The...

CVSS 5.8, EPSS 0.00011
Exploits 0, References 1
OSV
added 2025/12/26 5:16 a.m., 1 view

CVE-2025-52601

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager: a hardcoded encryption key is used for sensitive information. An attacker can use the key to decrypt sensitive information. T...

CVSS 7.8, AI score 5.8
Exploits 0, References 1
Cvelist
added 2025/12/26 4:31 a.m., 18 views

CVE-2025-8075 Improper Input Validation

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to perform XSS in the user's browser. The...

CVSS 5.8, EPSS 0.00011
Exploits 0, References 1
Vulnrichment
added 2025/12/26 4:20 a.m., 4 views

CVE-2025-52600 Improper Input Validation

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered an improper input validation vulnerability in camera video analytics. This vulnerability could allow an attacker to execute specific commands on the...

CVSS 5.2, AI score 6.8, EPSS 0.00033
Exploits 0, References 1
EUVD
added 2025/12/26 4:07 a.m., 1 view

EUVD-2025-205423

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw in which the camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw; please refer to the...

CVSS 6.3, AI score 6, EPSS 0.00011
Exploits 0, References 2
Debian CVE
added 2025/12/24 1:07 p.m., 2 views

CVE-2023-54158

In the Linux kernel, the following vulnerability has been resolved: "btrfs: don't free qgroup space unless specified". Boris noticed in his simple quotas testing that he was getting a leak with Sweet Tea's change to subvol create that stopped doing a transaction commit. This was just a side effect o...

AI score 5.5, EPSS 0.0004
Exploits 0
Vulnrichment
added 2025/12/22 9:20 p.m., 1 view

CVE-2025-68480 Marshmallow has DoS in Schema.load(many)

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a...

CVSS 5.3, AI score 6.4, EPSS 0.00106
Exploits 0, References 2
OSV
added 2025/12/19 6:15 p.m., 1 view

CVE-2025-14958

A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Performing manipulation results in a heap-based buffer overflow. The attack needs to be approached locally. The...

CVSS 7.8, AI score 6.6
Exploits 0, References 7
Positive Technologies
added 2025/12/17 12:00 a.m., 3 views

PT-2025-51934

Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.20.0. Description: FreeRDP is a free implementation of the Remote Desktop Protocol. A flaw exists in the certificate handling code on Windows platforms. The freerdp certificate data hash function utilizes the snprintf...

CVSS 9.1, AI score 6.7, EPSS 0.00058
Exploits 0, References 6
Github Security Blog
added 2025/12/10 6:20 p.m., 3 views

Zitadel Discloses the Total Number of Instance Users

Summary: Zitadel's User Service discloses the total number of instance users to unauthorized users. Impact: The ZITADEL User Service exposes the total number of users within an instance to any authenticated user, regardless of their specific permissions. While this does not leak individual user dat...

CVSS 5.3, AI score 5.8, EPSS 0.00036
Exploits 0, References 4, Affected Software 1