
28870 matches found

NVD
• added 2026/04/03 11:17 p.m. • 1 views

CVE-2026-34612

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9 CVSS, 0.00067 EPSS
Exploits: 1, References: 3

Vulnrichment
• added 2026/04/03 10:39 p.m. • 0 views

CVE-2026-34612 Kestra: Remote Code Execution via SQL Injection

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9 CVSS, 6.1 AI score, 0.00067 EPSS
Exploits: 1, References: 3

ATTACKERKB
• added 2026/04/03 10:39 p.m. • 0 views

CVE-2026-34612

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9 CVSS, 6.1 AI score, 0.00067 EPSS
Exploits: 1, References: 4, Affected Software: 1

CVE
• added 2026/04/03 10:39 p.m. • 9 views

CVE-2026-34612

Kestra (open-source event-driven orchestration platform) prior to version 1.3.7 contains a SQL Injection that enables Remote Code Execution via the GET /api/v1/main/flows/search endpoint. After authentication, a crafted link can trigger payload execution by PostgreSQL using COPY ... TO PROGRAM .....

9.9 CVSS, 6.1 AI score, 0.00067 EPSS
Exploits: 1, References: 3, Affected Software: 1

EUVD
• added 2026/04/03 10:39 p.m. • 0 views

EUVD-2026-18903

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9 CVSS, 6.1 AI score, 0.00067 EPSS
Exploits: 1, References: 3

CVE
• added 2026/04/03 9:23 p.m. • 52 views

CVE-2026-27456

CVE-2026-27456 affects util-linux mount(8): a TOCTOU race in the SUID mount when setting up loop devices allows a local user to trick mount into opening a root-owned target by replacing the source path during the brief window between validation and open. Exploitation requires an /etc/fstab entry ...

4.7 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits: 1, References: 3, Affected Software: 1

CVE
• added 2026/04/03 3:16 p.m. • 7 views

CVE-2025-64340

FastMCP (the MCP framework) is affected prior to version 3.2.0. A vulnerability arises when server names contain shell metacharacters (for example, &); this can trigger command injection on Windows during fastmcp install claude-code or fastmcp install gemini-cli. The install commands use subproce...

7.8 CVSS, 5.8 AI score, 0.00009 EPSS
Exploits: 1, References: 2, Affected Software: 1

ATTACKERKB
• added 2026/04/03 3:15 p.m. • 0 views

CVE-2026-23453

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode. Page recycling was removed from the XDP_DROP path in emac_run_xdp() to avoid conflicts with AF_XDP zero-copy mode, which uses xsk_buff_free() instead. However, this...

5.8 AI score, 0.00057 EPSS
Exploits: 0, References: 3, Affected Software: 1

ICS
• added 2026/04/02 6:0 a.m. • 2 views

Yokogawa CENTUM VP

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to login as the PROG user and modify permissions. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for...

2.1 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits: 0, References: 13

Fedora
• added 2026/04/02 12:43 a.m. • 4 views

[SECURITY] Fedora 42 Update: bpfman-0.5.4-6.fc42

bpfman operates as an eBPF manager, focusing on simplifying the deployment and administration of eBPF programs...

8.7 CVSS, 5.9 AI score, 0.00238 EPSS
Exploits: 1

CVE
• added 2026/03/31 8:57 p.m. • 3 views

CVE-2026-34740

WWBN AVideo (versions 26.0 and prior) contains a stored SSRF in the EPG link feature. Authenticated users with upload permissions can store arbitrary URLs that the server fetches on each EPG page visit. The URL validation relies only on PHP FILTER_VALIDATE_URL, which accepts internal network addr...

6.5 CVSS, 6 AI score, 0.00012 EPSS
Exploits: 1, References: 1, Affected Software: 1

Wordfence Blog
• added 2026/03/31 6:24 p.m. • 2 views

Wordfence Bug Bounty Program Monthly Report – February 2026

Last month in February 2026, the Wordfence Bug Bounty Program received 1078 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the...

6 AI score
Exploits: 0

OSV
• added 2026/03/31 4:50 p.m. • 0 views

JLSEC-2026-12

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation using ed can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

7.8 CVSS, 7.1 AI score, 0.36762 EPSS
Exploits: 0, References: 40

RedhatCVE
• added 2026/03/31 4:59 a.m. • 5 views

CVE-2025-7741

Hardcoded Password Vulnerability has been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...

2.1 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits: 0, References: 1

Fedora
• added 2026/03/31 12:54 a.m. • 3 views

[SECURITY] Fedora 43 Update: musescore-4.6.5-34.fc43

MuseScore is a free cross platform WYSIWYG music notation program. Some highlights: WYSIWYG, notes are entered on a "virtual note sheet" Unlimited number of staves Up to four voices per staff Easy and fast note entry with mouse, keyboard or MIDI Integrated sequencer and FluidSynth software...

7.8 CVSS, 5.7 AI score, 0.00057 EPSS
Exploits: 1

Packet Storm News
• added 2026/03/31 12:0 a.m. • 0 views

Efficient Software Vulnerability Detection Using Transformer-Based Models

Detecting software vulnerabilities is critical to ensuring the security and reliability of modern computer systems. Deep neural networks have shown promising results on vulnerability detection, but they lack the capability to capture global contextual information on vulnerable code. To address th...

6 AI score
Exploits: 0

CNNVD
• added 2026/03/31 12:0 a.m. • 3 views

WWBN AVideo Code Issue Vulnerability

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the lack of SSRF protection in the EPG link function, which could lead to storage-side request forgery...

6.5 CVSS, 5.9 AI score, 0.00012 EPSS
Exploits: 1, References: 2

Positive Technologies
• added 2026/03/31 12:0 a.m. • 0 views

PT-2026-29357

Name of the Vulnerable Software and Affected Versions XML Notepad versions prior to 2.9.0.21 Description XML Notepad, a Windows program for editing XML documents, does not disable DTD processing by default before version 2.9.0.21. This allows for the resolution of external entities. An attacker c...

6.5 CVSS, 5.9 AI score, 0.00285 EPSS
Exploits: 0, References: 7

GithubExploit
• added 2026/03/30 5:8 a.m. • 94 views

RegPwnBOF

🛡️ RegPwnBOF - Simple Registry Action Tool !Download RegPwn...

5.8 AI score
Exploits: 0

NVD
• added 2026/03/30 12:16 a.m. • 3 views

CVE-2025-7741

Hardcoded Password Vulnerability has been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...

2.1 CVSS, 0.00023 EPSS
Exploits: 0, References: 1