CVE-2026-11466

CVE-2026-11466 affects the zilliztech deep-searcher up to version 0.0.2. The issue is in deepsearcher/agent/collection_router.py (function CollectionRouter.invoke ), where argument kwargs manipulation leads to improper access controls. This enables remote exploitation ; the exploit is publicly av...

[SECURITY] [DSA 6327-1] request-tracker4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6327-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 07, 2026 https://www.debian.org/security/faq -...

CVE-2026-9658

Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost:...

Exploit for Authentication Bypass Using an Alternate Path or Channel in Mobyproject Moby

CVE-2026-34040 Full Lab PoC Docker/Moby AuthZ Plugin Bypass...

CVE-2026-11456 Chanjet CRM HTTP GET Request jxf_dump_systable.php sql injection

A vulnerability was identified in Chanjet CRM 1.0. This affects an unknown part of the file /tools/jxfdumpsystable.php of the component HTTP GET Request Handler. Such manipulation of the argument gblOrgID leads to sql injection. The attack may be launched remotely. The exploit is publicly availab...

EUVD-2026-34986

A vulnerability was identified in Chanjet CRM 1.0. This affects an unknown part of the file /tools/jxfdumpsystable.php of the component HTTP GET Request Handler. Such manipulation of the argument gblOrgID leads to sql injection. The attack may be launched remotely. The exploit is publicly availab...

CVE-2026-45776

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an attacker to submit a crafted HTTPS POST request that sets a session variable used for authorization decisions. If an installation of Open XDMoD...

Linux Distros Unpatched Vulnerability : CVE-2025-68616

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery SSRF protection bypass exists in WeasyPrint's...

PT-2026-47190

Name of the Vulnerable Software and Affected Versions BeikeShop versions prior to 1.6.0.22 Description Improper authorization exists in the Stripe Plugin component. A remote attacker can manipulate the Request argument within the callback function of the file...

CVE-2026-48925

A cross-site request forgery CSRF vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request...

CVE-2026-44902

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...

CVE-2026-11441

The CVE-2026-11441 affects Theonedev Onedev (up to 15.0.5) specifically the Pull Request Handler’s canAccessIssue function in the /issues/ path. The issue arises from manipulation of the issue argument, causing improper authorization. Exploitation is possible remotely. A fix is available in versi...

CVE-2026-11441 theonedev Pull Request issues canAccessIssue improper authorization

A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation of the argument issue leads to improper authorization. It is possible to launch the attack remotely...

EUVD-2026-34976

A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation of the argument issue leads to improper authorization. It is possible to launch the attack remotely...

CVE-2026-11441 theonedev Pull Request issues canAccessIssue improper authorization

A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation of the argument issue leads to improper authorization. It is possible to launch the attack remotely...

[SECURITY] [DSA 6324-1] request-tracker5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6324-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 06, 2026 https://www.debian.org/security/faq -...

CVE-2026-11346

A Server-Side Request Forgery SSRF vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP...

EUVD-2025-26342

Cross-Site Request Forgery CSRF vulnerability in Akınsoft QR Menü allows Cross Site Request Forgery. This issue affects QR Menü: from s1.05.06 before v1.05.12...

BIT-DJANGO-2026-6873 Signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.getsignedcookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...

DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution

DedeCMS 5.7SP2 is susceptible to cross-site request forgery with a corresponding impact of arbitrary code execution because the partcode parameter in a tagtestaction.php request can specify a runphp field in conjunction with PHP code. id: CVE-2018-7700 info: name: DedeCMS 5.7SP2 - Cross-Site...