SenseLive X3050 跨站请求伪造漏洞

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a cross-site request forgeing vulnerability. This vulnerability arises from the lack of protection against cross-site request forgeing in the w...

ClassroomIO.com 访问控制错误漏洞

ClassroomIO.com is an educational platform developed by ClassroomIO as open source. Version 0.1.13 of ClassroomIO.com contains a vulnerability related to access control. This vulnerability arises from ineffective access control, allowing low-privilege student users who are authenticated to access...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of verification of endpoint indices in the standard request processing routine, potentially...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the hwmon powerz code. This vulnerability allows for the reuse of USB devices after they are...

PT-2026-34853

CVE-2026-1949 Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service. https://t.co/NRUjOzyfyB...

PT-2026-35057

Name of the Vulnerable Software and Affected Versions Skim affected versions not specified Description The generate-files job in the '.github/workflows/pr.yml' file checks out code from an attacker-controlled fork and executes it via the cargo run command. This process allows access to the SKIM R...

PT-2026-37169

Name of the Vulnerable Software and Affected Versions Lemmy versions prior to 0.19.18 Description An authenticated low-privileged user can trigger server-side HTTP requests toward internal services. This occurs when a user creates a link post in a public community via the "POST /api/v3/post"...

PT-2026-35031

Name of the Vulnerable Software and Affected Versions Dgraph versions prior to 25.3.3 Description An issue exists in Dgraph that allows an unauthenticated attacker to gain full read access to all data in the database. This occurs in the default configuration where Access Control Lists ACL are...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the smbdirectsendbatch process. In this process, requests may not be signaled with IBSENDSIGNALED...

Press 跨站请求伪造漏洞

Press is a custom application developed by Frappe that runs Frappe Cloud. Press has a cross-site request forgeing vulnerability. This vulnerability stems from the press.api.account.createapisecret endpoint, which is vulnerable to CSRF attacks. This endpoint can be accessed via a GET request and...

skim 代码注入漏洞

Skim is a fuzzy search and rapid file location tool developed by skim-rs. Skim has a code injection vulnerability, which stems from the generate-files task in pr.yml checking and executing forked code controlled by the attacker, potentially leading to key leakage. The following versions are...

EUVD-2025-209575

A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API requests. Changing a captured POST request to a GET request against the /rest/v1/course PostgREST...

D-Link DIR-823X Command Injection Vulnerability

D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/setprohibiting via the corresponding function. The impacted product could be end-of-life EoL and/or end-of-service EoS...

LangChain 代码问题漏洞

LangChain is an open-source framework developed by LangChain for creating applications powered by large language models LLMs. Versions of LangChain prior to 1.1.14 contained code vulnerabilities. These vulnerabilities stemmed from the urltosize helper function in langchain-openai, which, after...

SUSE SLES15 Security Update : haproxy (SUSE-SU-2026:1568-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:1568-1 advisory. This update for haproxy fixes the following issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. Tenable has...

openSUSE 16 Security Update : tomcat10 (openSUSE-SU-2026:20612-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20612-1 advisory. - Update to Tomcat 10.1.54 - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open...

openSUSE 16 Security Update : tomcat (openSUSE-SU-2026:20611-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20611-1 advisory. - CVE-2026-24880: Request smuggling via invalid chunk extension bsc1261850. - CVE-2026-25854: Occasionally open redirect bsc1261851. -...

CVE-2026-41361

OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable IPv6 addresses to bypass SSRF protections...

CVE-2026-32210

Server-side request forgery ssrf in Microsoft Dynamics 365 Online allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-2708

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soupmessageheadersappendcommon function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker...