Lucene search

3385 matches found

AlpineLinux
added 2026/04/03 9:16 p.m., 0 views

CVE-2026-34979

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly...

CVSS: 5.3, AI score: 6, EPSS: 0.00379
Exploits: 1, References: 1

Tenable Nessus
added 2026/04/02 12:0 a.m., 4 views

Zabbix 6.0.x < 6.0.41 / 7.0.x < 7.0.18 / 7.2.x < 7.2.12 / 7.4.x < 7.4.2 Multiple Vulnerabilities

The version of Zabbix Server installed on the remote host is prior to 6.0.41, 7.0.18, 7.2.12, 7.4.2. It is, therefore, affected by multiple vulnerabilities : - An issue exists due to the LDAP 'Bind password' value being leaked when a Super Admin changes the LDAP 'Host' to a rogue LDAP server. An...

CVSS: 5.1, AI score: 5.9, EPSS: 0.00378
Exploits: 0, References: 4

OSV
added 2026/04/01 9:46 a.m., 3 views

CLEANSTART-2026-KR58137 Security fixes for CVE-2025-68121, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, ghsa-6v2p-p543-phr9 applied in versions: 0.8.19-r0, 0.8.19-r1, 0.8.19-r2

Multiple security vulnerabilities affect the node-problem-detector package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS: 10, AI score: 7.1, EPSS: 0.00765
Exploits: 1, References: 14

RedhatCVE
added 2026/03/26 3:6 p.m., 3 views

CVE-2026-4200

A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/com/glowxq/oj/problem/controller/ProblemCaseController.java. Performing a manipulation results in...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00294
Exploits: 0, References: 1

Qualys Blog
added 2026/03/23 12:45 p.m., 6 views

Threat Research Report: The Broken Physics of Remediation

The race most security programs are built around — patch faster than the attacker can exploit — was designed for a threat landscape that no longer exists. The data shows defenders are falling behind in the vast majority of cases. Across the most critical, actively weaponized vulnerabilities of th...

AI score: 5.9
Exploits: 0

Malwarebytes
added 2026/03/22 10:2 p.m., 7 views

This is all it takes to stop a train (Lock and Code S07E06)

This week on the Lock and Code podcast … Forget the runaway train thrillingly shot in Buster Keaton's 1926 film "The General," and never mind the charging locomotive rescued by actors Denzel Washington and Chris Pine in the 2010 film "Unstoppable," as there's a far more frequent and far less...

AI score: 5.8
Exploits: 0

CVE
added 2026/03/20 9:7 a.m., 28 views

CVE-2024-31119

CVE-2024-31119 is a DOM-based XSS vulnerability in the WordPress plugin Special Box for Content by Vasilis Triantafyllou. The issue is described as an improper neutralization of input during web page generation, enabling DOM‑Based XSS. Affected version range is listed as from “n/a through 1” (i.e...

CVSS: 5.9, AI score: 7.3, EPSS: 0.00199
Exploits: 0, References: 1

vulnersOsv
added 2026/03/19 12:44 p.m., 4 views

http-api-problem (>=0.50.0 <=0.50.2) potentially affected by CVE-2026-33241 via salvo (>=0.10.4 <=0.11.6)

salvo CARGO version =0.10.4, =0.50.0, =0.50.2 Source cves: CVE-2026-33241 Source advisory: OSV:GHSA-PP9R-XG4C-8J4X...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00437
Exploits: 1

Packet Storm News
added 2026/03/18 12:0 a.m., 2 views

Defending the Power Grid by Segmenting the EV Charging Cyber Infrastructure

This paper examines defending the power grid against load-altering attacks using electric vehicle charging. It proposes to preventively segment the cyber infrastructure that charging station operators CSOs use to communicate with and control their charging stations, thereby limiting the impact of...

AI score: 5.7
Exploits: 0

NVD
added 2026/03/16 2:20 p.m., 4 views

CVE-2026-4200

A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/com/glowxq/oj/problem/controller/ProblemCaseController.java. Performing a manipulation results in...

CVSS: 7.5, EPSS: 0.00294
Exploits: 0, References: 4

Cvelist
added 2026/03/16 12:2 a.m., 28 views

CVE-2026-4200 glowxq glowxq-oj ProblemCaseController.java uploadTestcaseZipUrl server-side request forgery

A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/com/glowxq/oj/problem/controller/ProblemCaseController.java. Performing a manipulation results in...

CVSS: 7.5, EPSS: 0.00294
Exploits: 0, References: 4

CVE
added 2026/03/16 12:2 a.m., 9 views

CVE-2026-4200

CVE-2026-4200 describes a server-side request forgery in glowxq-oj, affecting the function uploadTestcaseZipUrl in ProblemCaseController.java of glowxq/oj. The vulnerability stems from manipulating the upload path/parameters, allowing remote initiation of requests. Public exploitation is noted, w...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00294
Exploits: 0, References: 4

ATTACKERKB
added 2026/03/16 12:2 a.m., 3 views

CVE-2026-4200

A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/com/glowxq/oj/problem/controller/ProblemCaseController.java. Performing a manipulation results in...

CVSS: 7.5, AI score: 5.4, EPSS: 0.00294
Exploits: 0, References: 4

CNNVD
added 2026/03/16 12:0 a.m., 4 views

glowxq-oj Code Issue Vulnerability

Glowxq-oj is an online problem-solving system developed by Glowxq’s individual developers, which supports multi-language evaluations and engaging programming activities. There are code vulnerabilities in Glowxq-oj. These vulnerabilities stem from incorrect operations on the function...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00294
Exploits: 0, References: 4

RedhatCVE
added 2026/03/11 1:19 p.m., 2 views

CVE-2025-41709

An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device...

CVSS: 9.8, AI score: 5.9, EPSS: 0.02153
Exploits: 0, References: 1

EUVD
added 2026/03/10 6:31 p.m., 4 views

EUVD-2025-208465

PROBLEMTYPE in COMPONENT in VENDOR PRODUCT VERSION on PLATFORMS allows ATTACKER to IMPACT via VECTOR...

CVSS: 9.8, AI score: 5.8, EPSS: 0.02153
Exploits: 0, References: 5

NVD
added 2026/03/10 6:17 p.m., 4 views

CVE-2025-41709

An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device...

CVSS: 9.8, EPSS: 0.02153
Exploits: 0, References: 4

Positive Technologies
added 2026/03/10 12:0 a.m., 8 views

PT-2026-24183

Name of the Vulnerable Software and Affected Versions: Versions prior to 2025-41709. Description: An issue exists that allows an attacker to achieve remote code execution via the Modbus protocol on industrial power analyzers. This poses a significant risk to critical infrastructure, potentially...

CVSS: 9.8, AI score: 6.3, EPSS: 0.02153
Exploits: 0, References: 9

CVE
added 2026/03/06 11:40 a.m., 30 views

CVE-2024-35644

CVE-2024-35644 describes a DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Preferred Languages” by Pascal Birchler. The issue is caused by improper input neutralization during web page generation, enabling DOM-based XSS. It affects versions from n/a through 2.2.2 of th...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00165
Exploits: 0, References: 1

CVE
added 2026/02/17 3:4 p.m., 46 views

CVE-2024-31118

CVE-2024-31118 affects the WordPress plugin SP Project & Document Manager (versions up to 4.70). The issue is a Missing Authorization vulnerability caused by incorrectly configured access control security levels, potentially enabling unauthorized access to project/document resources. Public sourc...

CVSS: 6.5, AI score: 8.5, EPSS: 0.00158
Exploits: 0, References: 1