
207 matches found

Nuclei
added 8 hours ago | 34 views

Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT to verify users. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...

CVSS 9.8 | AI score 5.1 | EPSS 0.66176
Exploits: 1 | References: 4

Debian CVE
added 2026/06/04 11:3 p.m. | 6 views

CVE-2026-10900

Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

CVSS 7.5 | AI score 5.5 | EPSS 0.00118
Exploits: 0

Microsoft KB
added 2026/05/29 2:0 p.m. | 14 views

Description of the security update for SharePoint Server 2019: May 12, 2026 (KB5002870)

Description of the security update for SharePoint Server 2019: May 12, 2026 KB5002870 Summary Important: If you're currently running SharePoint Workflow Manager, you must install the SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you're currently...

CVSS 8.8 | AI score 5.9 | EPSS 0.01948
Exploits: 3

Cvelist
added 2026/05/21 5:10 p.m. | 34 views

CVE-2026-48238 Open ISES Tickets < 3.44.2 SQL Injection via ajax/mobile_main.php id Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobile_main.php where the id GET parameter is concatenated into the WHERE clause of a SELECT statement used as a ticket-existence sanity check without sanitization. Authenticated attackers can craft requests that alter...

CVSS 7.1 | EPSS 0.00027
Exploits: 0 | References: 3

Microsoft KB
added 2026/05/12 2:0 p.m. | 16 views

Description of the security update for Word 2016: May 12, 2026 (KB5002858)

Description of the security update for Word 2016: May 12, 2026 KB5002858 Summary This security update resolves a Microsoft Office remote code execution vulnerability and Microsoft Word Information Disclosure Vulnerability. To learn more about the vulnerabilities, see the following security...

CVSS 8.4 | AI score 6.5 | EPSS 0.00192
Exploits: 0

Vulnrichment
added 2026/04/30 12:11 p.m. | 3 views

CVE-2024-13971 Arbitrary File Read and Server Side Request Forgery via XML External Entities in Lobster_pro

Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services...

CVSS 7.7 | AI score 5.5 | EPSS 0.00029
Exploits: 2 | References: 1

ATTACKERKB
added 2026/04/08 9:20 p.m. | 4 views

CVE-2026-5870

Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

AI score 6.3 | EPSS 0.00111
Exploits: 0 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/04/07 3:23 p.m. | 5 views

CVE-2026-35526

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every incoming subscribe message without...

CVSS 7.5 | AI score 5.9 | EPSS 0.00069
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/04/06 2:50 a.m. | 0 views

CLEANSTART-2026-SQ68600 Security fixes for CVE-2023-45288, CVE-2024-24786, CVE-2024-45338, CVE-2025-22868, CVE-2025-22869, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2025-65637, ghsa-4f99-4q7p-p3gh, ghsa-4v7x-pqxf-cx7m, ghsa-6v2p-p543-phr9, ghsa-8r3f-844c-mc37, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-q754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-qxp5-gwg8-xv66, ghsa-v778-237x-gjrc, ghsa-vvgc-356p-c3xw applied in versions: 1.18.2-r0

Multiple security vulnerabilities affect the kube-fluentd-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 7.5 | AI score 7.1 | EPSS 0.69905
Exploits: 4 | References: 35

Vulnrichment
added 2026/03/24 3:11 a.m. | 5 views

CVE-2026-4736 Math Issue in No-Chicken/Echo-Mate

Improper Handling of Values vulnerability in No-Chicken Echo-Mate SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules. This vulnerability is associated with program files nftables.H, nftbyteorder.C, nftmeta.C. This issue affects Echo-Mate: before V250329...

CVSS 8.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 1

RedHat Linux
added 2026/03/23 4:21 p.m. | 1 views

Important: Red Hat Security Advisory: RHTAS 1.3.3 - Red Hat Trusted Artifact Signer Release

The 1.3.3 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.3 The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19...

CVSS 8.9 | AI score 6.9 | EPSS 0.00238
Exploits: 0 | References: 8

CNNVD
added 2026/03/16 12:0 a.m. | 3 views

SAMSUNG Secure Folder Security Vulnerability

Samsung Secure Folder is a privacy protection software developed by South Korea’s Samsung Corporation. Versions of Samsung Secure Folder prior to the SMR Mar-2026 Release 1 had security vulnerabilities. These vulnerabilities stemmed from improper export of Android application components, which...

CVSS 8.4 | AI score 5.9 | EPSS 0.00036
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/11 10:4 p.m. | 3 views

CVE-2026-3938

Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/10 12:0 a.m. | 3 views

PT-2026-24219

A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the intended buffer, potentially leading to denial of service, or arbitrary code execution...

CVSS 7.8 | AI score 5.9 | EPSS 0.00019
Exploits: 0 | References: 5

OSV
added 2026/03/04 12:39 a.m. | 3 views

CLEANSTART-2026-VC01496 Security fixes for GHSA-F6X5-JH6R-WRFV, GHSA-J5W8-Q4QC-RX2X applied in versions: 0.8.4-r0

Multiple security vulnerabilities affect the k8ssandra-client-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

AI score 5.8
Exploits: 0 | References: 3

Github Security Blog
added 2026/03/03 12:20 a.m. | 8 views

OpenClaw's avatar symlink traversal can expose out-of-workspace local files

Summary OpenClaw avatar handling allowed a symlink traversal path that could expose local files outside an agent workspace through gateway avatar surfaces. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.22 so after npm release, the remaining action is to publis...

CVSS 7.5 | AI score 5.9 | EPSS 0.0006
Exploits: 0 | References: 6 | Affected Software: 1

Positive Technologies
added 2026/03/03 12:0 a.m. | 3 views

PT-2026-22774

Name of the Vulnerable Software and Affected Versions HomeBox versions prior to 0.24.0-rc.1 Description HomeBox is a home inventory and organization system. The notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. There is ...

CVSS 5 | AI score 6.1 | EPSS 0.0004
Exploits: 0 | References: 6

CNNVD
added 2026/02/25 12:0 a.m. | 5 views

rustfs Cross-Site Scripting Vulnerability

RustFS is a high-performance object storage system developed by RustFS. Versions of RustFS prior to 1.0.0-alpha.83 contained a cross-site scripting vulnerability. This vulnerability stems from stored-cross-site scripts and could lead to credential leakage and account takeover attacks...

CVSS 9 | AI score 5.7 | EPSS 0.00045
Exploits: 1 | References: 1

RedHat Linux
added 2026/02/23 1:35 p.m. | 2 views

Important: Red Hat Security Advisory: RHTAS 1.3.2 - Red Hat Trusted Artifact Signer Release

The 1.3.2 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.3 The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19...

CVSS 8 | AI score 6.9 | EPSS 0.00129
Exploits: 3 | References: 8

Positive Technologies
added 2026/02/20 12:0 a.m. | 5 views

PT-2026-21336

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.2.17 and earlier Description OpenClaw, a personal AI assistant, contains an issue in the skills/skill-creator/scripts/package skill.py script. This script previously followed symbolic links when creating .skill archives...

CVSS 4.6 | AI score 6.1 | EPSS 0.00007
Exploits: 0 | References: 17