25 matches found

NVD
added 2026/05/08 4:16 a.m. · 7 views

CVE-2026-42261

PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL server-side and reflects the response body up t...

7.1 CVSS · 0.00078 EPSS
Exploits 1 · References 2
AlpineLinux
added 2026/04/21 12:41 p.m. · 3 views

CVE-2026-6772

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

7.5 CVSS · 5.7 AI score · 0.00054 EPSS
Exploits 0 · References 6
EUVD
added 2026/04/02 6:29 p.m. · 0 views

EUVD-2026-18502

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

5.3 CVSS · 5.8 AI score · 0.00093 EPSS
Exploits 0 · References 2
CVE
added 2026/04/02 6:29 p.m. · 6 views

CVE-2026-34736

Open edX Platform experienced an account-activation bypass vulnerability (CVE-2026-34736). In affected versions from maple up to just before ulmo, an unauthenticated attacker could bypass email verification by chaining two issues: the OAuth2 password grant issuing tokens to inactive users, and the...

5.3 CVSS · 5.8 AI score · 0.00093 EPSS
Exploits 0 · References 2
OSV
added 2026/03/26 9:31 p.m. · 1 views

GHSA-7G92-G4VH-HP84 Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission. A patched version is available at...

5.4 CVSS · 5.7 AI score · 0.00019 EPSS
Exploits 0 · References 5
ATTACKERKB
added 2026/03/26 2:31 p.m. · 2 views

CVE-2026-22790

EVerest is an EV charging software stack. Prior to version 2026.02.0, HomeplugMessage::setuppayload trusts len after an assert; in release builds the check is removed, so oversized SLAC payloads are memcpy'd into a 1497-byte stack buffer, corrupting the stack and enabling remote code execution fr...

8.8 CVSS · 6.5 AI score · 0.00035 EPSS
Exploits 1 · References 2 · Affected Software 1
Github Security Blog
added 2026/03/03 7:46 p.m. · 1 views

OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text

Summary In openclaw up to and including 2026.2.23 latest npm release as of February 25, 2026, system.run shell-wrapper inputs could present misleading approval/display text while still carrying hidden positional argv payloads that execute at runtime. Affected Packages / Versions - Package: opencl...

9.8 CVSS · 6.1 AI score · 0.00099 EPSS
Exploits 0 · References 6 · Affected Software 1
Tenable Nessus
added 2025/12/31 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-54209

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - block: fix blktrace debugfs entries leakage Commit 99d055b4fd4b ("block: remove per-disk debugfs files in blk_unregister_queue") moves blk_trace_shutdown from...

5.4 AI score · 0.00021 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/21 12:0 a.m. · 2 views

EUVD-2025-35168

Multiple stored cross-site scripting XSS vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee Notes, title, or description parameters. The patched...

6.1 CVSS · 5.3 AI score · 0.00025 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-7298

Malware in sbrugna...

5.8 CVSS · 6.8 AI score · 0.03606 EPSS
Exploits 0 · References 9
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2023-2606

Malicious code in bioql PyPI...

8.8 CVSS · 8.5 AI score · 0.00639 EPSS
Exploits 0 · References 6
RustSec
added 2025/03/05 12:0 p.m. · 6 views

Versions of *ring* prior to 0.17 are unmaintained.

ring 0.16.20 was released over 4 years ago and isn't maintained, tested, etc. Additionally, the project's general policy is to only patch the latest release, which is 0.17.12 now. It will be difficult for anybody to backport future fixes to versions earlier than 0.17.10 due to license changes...

7.1 AI score
Exploits 0 · Affected Software 1
OSV
added 2025/01/24 8:40 p.m. · 7 views

GHSA-6729-95V3-PJC2 HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information

Impact In CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and credential based URL, the entire URL will be included in the built Implementation Guide, exposing username an...

4.2 CVSS · 4.7 AI score · 0.00059 EPSS
Exploits 0 · References 5
SUSE Linux
added 2024/11/18 1:20 p.m. · 1 views

Maintenance update for SUSE Manager 4.3 Release Notes

Description: This update fixes the following issues: release-notes-susemanager-proxy: Update to SUSE Manager 4.3.14 Bugs mentioned: bsc1217003, bsc1221505, bsc1225619, bsc1225960, bsc1226917 bsc1227606, bsc1228036, bsc1228345, bsc1228851, bsc1229079 bsc1229260, bsc1229339 Security update for SUSE...

9.8 CVSS · 6.7 AI score · 0.7247 EPSS
Exploits 6 · References 114
Veeam
added 2024/03/18 12:0 a.m. · 13 views

Release Information for Veeam Backup for AWS 7 Patch 1

Requirements Please confirm that you are running version Veeam Backup for AWS 7 build 7.0.0.615 or later before upgrading. You can find the currently installed build number Server Version in the About section under Configuration | Support Information | Updates. After installing Veeam Backup for A...

6.8 AI score
Exploits 0 · Affected Software 1
OSV
added 2024/03/09 1:15 a.m. · 2 views

AZL-35877 CVE-2024-28180 affecting package containerd for versions less than 1.7.13-6

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

4.3 CVSS · 6.4 AI score · 0.04859 EPSS
Exploits 0 · References 1
Cvelist
added 2024/02/04 4:31 a.m. · 26 views

CVE-2015-10129 planet-freo auth.inc.php comparison

A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the argument auth leads to incorrect comparison. The attack may be launched remotely. The complexity ...

3.7 CVSS · 5.8 AI score · 0.00102 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/11/06 12:0 a.m. · 4 views

PT-2023-6927 · Freebsd · Freebsd

Name of the Vulnerable Software and Affected Versions: FreeBSD versions 13-RELEASE through 13-RELEASE-p4 Description: The issue is related to errors in privilege management in the cap net service of the FreeBSD operating system. This could allow a remote attacker to modify the list of allowed...

7.8 CVSS · 7.4 AI score · 0.00159 EPSS
Exploits 0 · References 9
Positive Technologies
added 2023/09/05 12:0 a.m. · 4 views

PT-2023-22919 · Unknown · Wifiapautohotspotenablingactivity

Name of the Vulnerable Software and Affected Versions: WifiApAutoHotspotEnablingActivity versions prior to SMR Sep-2023 Release 1 Description: The issue is related to the improper export of android application components, allowing a local attacker to change the Auto Hotspot setting. This can be...

4 CVSS · 3.7 AI score · 0.00069 EPSS
Exploits 0 · References 6
SUSE CVE
added 2023/02/15 3:28 a.m. · 1 views

SUSE CVE-2022-23583

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that any binary op would trigger CHECK failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the dtype no longer...

6.5 CVSS · 6.3 AI score · 0.00285 EPSS
Exploits 1 · References 3