PT-2026-29636

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.0.0 Description The application does not immediately revoke active user sessions when an account is deactivated. This is due to a logic flaw where account state changes are only enforced during login, not for...

CVE-2026-34556 iccDEV: HBO in icAnsiToUtf8()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow HBO in icAnsiToUtf8 in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8std::string&, char const ...

CVE-2026-34539

Summary of CVE-2026-34539 iccDEV’s ICC color management library is affected prior to version 2.3.1.6. A crafted ICC profile together with a malicious TIFF input can trigger a heap-buffer-overflow in CTiffImg::WriteLine(), observed as an out-of-bounds heap read under AddressSanitizer while running...

EUVD-2026-17703

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow HBO in CTiffImg::WriteLine. The issue is observable under AddressSanitizer as an out-of-bounds heap read...

CVE-2026-34537 iccDEV: UB in CIccOpDefEnvVar::Exec()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior UB in CIccOpDefEnvVar::Exec due to invalid enum values being loaded for icSigCmmEnvVar. The issue is observable under UBSan a...

CVE-2026-34535

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault SEGV in CIccTagArray::Cleanup. The issue is observable under UBSan/ASan as misaligned member access / misaligned pointer...

CVE-2026-34586

PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.1, checksharedaccessallowed validates only session existence — it does not check SharedPdf.inactive expiration / max views or SharedPdf.deleted. The Serve and...

CVE-2026-32143

Discourse exposes a CSV export vulnerability (CVE-2026-32143) where moderators could export data from admin-restricted reports, bypassing visibility controls. Affected versions include 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0. ...

JLSEC-2026-12

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

CVE-2026-34209

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...

CVE-2026-34210

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new...

CVE-2026-34163

FastGPT prior to v4.14.9.5 exposes a Server-Side Request Forgery via MCP Tools endpoints /api/core/app/mcpTools/getTools and /api/core/app/mcpTools/runTool, which accept a user-supplied URL and perform server-side requests without validating internal/private addresses. Although an isInternalAddre...

PT-2026-29310

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic e.g., removed from a private category group could still interact with polls in that topic...

PT-2026-29401

Summary The SanitizeSVG function introduced in v3.6.0 to fix XSS in the unauthenticated /api/icon/getDynamicIcon endpoint can be bypassed by using namespace-prefixed element names such as . The Go HTML5 parser records the element's tag as "x:script" rather than "script", so the tag check passes i...

PT-2026-29376

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.2 Description SiYuan is a personal knowledge management system susceptible to a stored cross-site scripting XSS issue. An attacker can inject a malicious URL into an Attribute View mAsse field. When a victim opens...

CVE-2026-31804 Tautulli: Unauthenticated pms_image_proxy endpoint proxies arbitrary HTTP requests through the Plex Media Server

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pmsimageproxy endpoint accepts a user-supplied img parameter and forwards it to Plex Media Server's /photo/:/ transcode transcoder without authentication and without restricting the scheme...

DEBIAN-CVE-2025-66037

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzzpkcs15reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, scpkcs15pubkeyfromspkifields allocates a zero-length buffer...

CVE-2026-33028

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui application is vulnerable to a Race Condition. Due to the complete absence of synchronization mechanisms Mutex and non-atomic file writes, concurrent requests lead to the severe corruption of the prima...

CVE-2026-33028 Nginx UI: Race Condition Leads to Persistent Data Corruption and Service Collapse

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, the nginx-ui application is vulnerable to a Race Condition. Due to the complete absence of synchronization mechanisms Mutex and non-atomic file writes, concurrent requests lead to the severe corruption of the prima...

GHSA-RF6H-5GPW-QRGQ OpenClaw: MS Teams Feedback Invocation Bypasses Sender Allowlists and Records Unauthorized Session Feedback

Summary MS Teams Feedback Invoke Bypasses Sender Allowlists and Records Unauthorized Session Feedback Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Microso...