Duplicate Advisory: Grav has Insecure Deserialization in File Cache

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gwfr-jfjf-92vv. This link is maintained to preserve external references. Original Description A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function...

xxl-job has a Resource Injection issue

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...

PT-2026-35954

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is no...

ROS-20260429-73-0012

A vulnerability in the pgtrgm component of the PostgreSQL database management system is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges...

ROS-20260429-73-0019

A vulnerability in the PostgreSQL database management system is related to incorrect array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code in the context of the current user using specially crafted queries...

PT-2026-36013

Name of the Vulnerable Software and Affected Versions SourceCodester Pizzafy Ecommerce System version 1.0 Description An issue in the Setting Handler component allows for remote SQL injection. This occurs within the save settings function located in the '/pizzafy/admin/ajax.php?action=save...

PT-2026-36005

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list rules/fetch rule of the file src/gel mcp/server.py. The manipulation of the argument rule name results in path traversal. The attack may be performed from remote. The exploit has been released to the publ...

PT-2026-35964

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path traversal. It is possible to initiate the attack remotely. T...

PT-2026-35963

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/view order.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may...

Linux Distros Unpatched Vulnerability : CVE-2026-7353

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform ...

PT-2026-36021

Name of the Vulnerable Software and Affected Versions UTT HiPER 1250GW versions prior to 3.2.7-210907-180535 Description A buffer overflow occurs in the strcpy function within the 'route/goform/formTaskEdit ap' file. This issue is triggered by the manipulation of the Profile argument, allowing fo...

PT-2026-36019

Name of the Vulnerable Software and Affected Versions Algovate xhs-mcp version 0.8.11 Description An issue exists in the MCP Interface component within the xhs publish content function of the src/server/mcp.server.ts file. A remote attacker can perform server-side request forgery SSRF—a flaw that...

PT-2026-36022

Name of the Vulnerable Software and Affected Versions UTT HiPER 1250GW versions prior to 3.2.7-210907-180535 Description A buffer overflow exists in the strcpy function within the 'route/goform/ConfigAdvideo' file. This issue allows a remote attacker to trigger the flaw by manipulating the Profil...

PT-2026-36023

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz domain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launche...

ROS-20260429-73-0008

A vulnerability in the PostgreSQL database management system's oidvector data type handling function is related to reading beyond memory buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to expose server memory bytes and gain access to sensitive informat...

PT-2026-35939

A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. Affected is an unknown function of the file src/mail mcp server.py. Executing a manipulation of the argument message ids can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used...

PT-2026-36015

Name of the Vulnerable Software and Affected Versions SourceCodester Pizzafy Ecommerce System version 1.0 Description A flaw in the admin panel allows for remote SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution. This issue occurs within the sa...

Linux Distros Unpatched Vulnerability : CVE-2026-6993

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component...

Linux Distros Unpatched Vulnerability : CVE-2026-7357

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap...

PT-2026-35977

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is path allowed of the file server.py of the component read file tool/write file tool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit...