PYSEC-2026-199
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.get_signed_cookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...
CVE-2026-10691
A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...
CVE-2026-7598
A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument usernamelen/passwordlen leads to integer overflow. The attack may be launched remotely. The name of the patch is...
CVE-2026-7316
A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aidermcp.py of the component codewithai. The manipulation of the argument workingdir/editablefiles leads to command injection. The attack may be...
CVE-2026-6990
A vulnerability was found in projeto-siga siga 11.0.3.18. The affected element is an unknown function of the file /sigawf/app/responsavel/novo. Performing a manipulation of the argument Nome/Descrição results in cross site scripting. The attack can be initiated remotely. The exploit has been made...
CVE-2026-5986 Zod jsVideoUrlParser util.js getTime redos
A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the library lib/util.js. This manipulation of the argument timestamp causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit ha...
UBUNTU-CVE-2026-5313
A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and ma...
CVE-2026-4500
A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generatedf of the file backend/app/ai/codeexecution/codeexecution.py. Such manipulation leads to injection. The attack may be launched remotely. The exploit is publicly available and might be used...
PT-2026-23520
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.2. Description: The software does not properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests, potentially allowing attackers to bypass command approval restrictions. Attackers can craf...
CVE-2025-13190
A vulnerability was found in D-Link DIR-816L 206b09beta. This vulnerability affects the function scandirmain of the file /portal/ajaxexporer.sgi. The manipulation of the argument en results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public a...
Medium: ghostscript
Issue Overview: A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdfferror of the file devices/vector/gdevpdf.c of the component New Output File Open Error Handler. The manipulation leads...
The vulnerability of the ieee802154_hdr_peek_addrs() function in the Linux operating system allows a hacker to influence the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the ieee802154_hdr_peek_addrs() function in the Linux operating system is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of t...
UBUNTU-CVE-2025-3408
A vulnerability was found in Nothings stb up to f056911. It has been rated as critical. Affected by this issue is the function stb_dupreplace. The manipulation leads to integer overflow. The attack may be launched remotely. Continuous delivery with rolling releases is used by this product...
The vulnerability in the envoy.load_shed_points.http1_server_abort_dispatch configuration of the proxy server allows a hacker to trigger a service failure.
The vulnerability of the envoy.load_shed_points.http1_server_abort_dispatch configuration on the proxy server is related to incorrect implementation of control flow management. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability in the bsw_fix.cgi script of Netgear R8500 router software allows a hacker to execute arbitrary commands.
The vulnerability of the bsw_fix.cgi script of the Netgear R8500 router software relates to the failure to eliminate special elements used in the operating system's commands when processing the wangateway parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary comman...
CVE-2024-10608 code-projects Courier Management System login.php sql injection
A vulnerability was found in code-projects Courier Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be initiated remotely. The exploit has be...
DEBIAN-CVE-2024-7272
A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in versio...
The vulnerability of the nbd_get_size() function in the libnbd library, which allows a hacker to cause a service failure
The vulnerability of the nbd_get_size() function in the libnbd library is related to responses received by the server from blocks that are larger than 2^63 bytes. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
CVE-2024-7330 YouDianCMS ydLib.php curl_exec server-side request forgery
A vulnerability has been found in YouDianCMS 7 and classified as critical. Affected by this vulnerability is the function curl_exec of the file /App/Core/Extend/Function/ydLib.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The...
CVE-2024-6938
SiYuan 3.1.0 is affected by CVE-2024-6938 in the PDF Handler’s PDF.js functionality. The vulnerability enables cross-site scripting via the PDF.js component, with remote exploitation possible. The PT-2024-37976 entry confirms this affects SiYuan 3.1.0 and attributes the issue to the PDF.js file w...