88709 matches found

OSV
added 2026/03/12 2:16 p.m. | 5 views

USN-8087-1 python-cryptography vulnerability

It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remote attacker could use this issue to perform a subgroup attack and possibly recover the least significant bits of private keys...

CVSS 8.2 | AI score 7.3 | EPSS 0.00227
Exploits 0 | References 2

Ubuntu
added 2026/03/12 2:16 p.m. | 8 views

USN-8087-1: python-cryptography vulnerability

It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remote attacker could use this issue to perform a subgroup attack and possibly recover the least significant bits of private keys...

CVSS 8.2 | AI score 5.8 | EPSS 0.00227
Exploits 0

SUSE CVE
added 2026/03/12 2:4 p.m. | 3 views

SUSE CVE-2026-3917

Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.8 | EPSS 0.00349
Exploits 0 | References 3

SUSE CVE
added 2026/03/12 2:4 p.m. | 4 views

SUSE CVE-2026-3941

Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3 | AI score 5.8 | EPSS 0.00166
Exploits 0 | References 3

Github Security Blog
added 2026/03/12 12:30 p.m. | 5 views

Duplicate Advisory: OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth)

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-82g8-464f-2mv7. This link is maintained to preserve external references. Original Description: A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function...

CVSS 8.8 | AI score 5.6 | EPSS 0.00316
Exploits 0 | References 9 | Affected Software 1

EUVD
added 2026/03/12 12:30 p.m. | 2 views

EUVD-2026-11563

A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...

CVSS 6.5 | AI score 5.7 | EPSS 0.00316
Exploits 0 | References 8

Vulnrichment
added 2026/03/12 12:2 p.m. | 2 views

CVE-2026-4039 OpenClaw Skill Env applySkillConfigenvOverrides code injection

A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1...

CVSS 6.5 | AI score 5.7 | EPSS 0.00316
Exploits 0 | References 7

NVD
added 2026/03/12 8:16 a.m. | 3 views

CVE-2026-4013

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper authorization. The attack may be launched remotely...

CVSS 6.5 | EPSS 0.00224
Exploits 0 | References 4

Vulnrichment
added 2026/03/12 8:2 a.m. | 3 views

CVE-2026-4013 SourceCodester Web-based Pharmacy Product Management System add_admin.php improper authorization

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper authorization. The attack may be launched remotely...

CVSS 6.5 | AI score 6.3 | EPSS 0.00224
Exploits 0 | References 4

Vulnrichment
added 2026/03/12 5:32 a.m. | 0 views

CVE-2026-3990 CesiumGS CesiumJS standalone.html cross site scripting

A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is some unknown functionality of the file Apps/Sandcastle/standalone.html. The manipulation of the argument c results in cross site scripting. The attack can be launched remotely. The exploit has been...

CVSS 5.3 | AI score 4.2 | EPSS 0.00263
Exploits 0 | References 4

CVE
added 2026/03/12 5:2 a.m. | 10 views

CVE-2026-3984

Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1 is affected by a cross site scripting (XSS) vulnerability in save_up_athlete.php via the a_name parameter. Remote exploitation is possible and public exploits exist. Root cause: inadequate input handling in the PHP file leadi...

CVSS 5.1 | AI score 4.3 | EPSS 0.00195
Exploits 0 | References 5

EUVD
added 2026/03/12 3:31 a.m. | 4 views

EUVD-2026-11497

A flaw has been found in Tenda i3 1.0.0.62204. Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. Executing a manipulation of the argument index can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used...

CVSS 9 | AI score 6.4 | EPSS 0.00619
Exploits 1 | References 6

Vulnrichment
added 2026/03/12 3:2 a.m. | 2 views

CVE-2026-3977 projectsend AJAX Endpoints authorization

A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is...

CVSS 6.5 | AI score 5.3 | EPSS 0.00276
Exploits 0 | References 6

Vulnrichment
added 2026/03/12 2:2 a.m. | 1 views

CVE-2026-3974 Tenda W3 HTTP exeCommand formexeCommand stack-based overflow

A vulnerability was identified in Tenda W3 1.0.0.32204. This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be performed from remote. Th...

CVSS 9 | AI score 8 | EPSS 0.00632
Exploits 1 | References 5

CVE
added 2026/03/12 1:2 a.m. | 11 views

CVE-2026-3970

CVE-2026-3970 affects Tenda i3 1.0.0.6(2204). The vulnerability is in the function formwrlSSIDget of the file /goform/wifiSSIDget, where manipulation of the argument index can trigger a stack-based buffer overflow. It can be exploited remotely, and a working exploit has been published. The provi...

CVSS 9 | AI score 6.4 | EPSS 0.00619
Exploits 1 | References 5 | Affected Software 1

EUVD
added 2026/03/12 12:31 a.m. | 3 views

EUVD-2026-11476

A vulnerability has been found in Woahai321 ListSync up to 0.6.6. This issue affects the function requests.post of the file list-sync-main/apiserver.py of the component JSON Handler. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The...

CVSS 6.5 | AI score 6 | EPSS 0.00201
Exploits 0 | References 6

EUVD
added 2026/03/12 12:31 a.m. | 3 views

EUVD-2026-11434

Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.8 | EPSS 0.00271
Exploits 0 | References 3

EUVD
added 2026/03/12 12:31 a.m. | 3 views

EUVD-2026-11438

Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.8 | EPSS 0.00271
Exploits 0 | References 3

Positive Technologies
added 2026/03/12 12:0 a.m. | 2 views

PT-2026-24930

A vulnerability was detected in Tenda W3 1.0.0.32204. This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack...

CVSS 9 | AI score 6.4 | EPSS 0.00619
Exploits 1 | References 11

Positive Technologies
added 2026/03/12 12:0 a.m. | 0 views

PT-2026-24935

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper authorization. The attack may be launched remotely...

CVSS 6.5 | AI score 6.3 | EPSS 0.00224
Exploits 0 | References 6