706 matches found

CVE
added 2 days ago | 8 views

CVE-2026-12479

A path traversal vulnerability exists in keras-team/keras 3.14.0, in DiskIOStore.make, due to unsanitized user-provided layer names used to build directory paths (parent components not sanitized). Although forward slashes are restricted, directory traversal sequences can escape the intended tempo...

CVSS 6.1 | AI score 6.5 | EPSS 0.00263
Exploits: 0 | References: 1

AstraLinux
added 5 days ago | 3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state There are several issues with the way the hyp code lazily saves the host’s FPSIMD/SVE state. These include: The host SVE state is unexpectedly discarded due to...

CVSS 5.5 | AI score 6.5 | EPSS 0.00162
Exploits: 0 | References: 2

Ubuntu
added 2026/06/01 3:4 p.m. | 14 views

USN-8359-1: NNCP vulnerability

It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote attacker could possibly use this issue to read or write arbitrary files outside of the intended directory...

CVSS 6.4 | AI score 5.8 | EPSS 0.00243
Exploits: 0

CVE
added 2026/05/27 2:37 p.m. | 17 views

CVE-2026-49103

CVE-2026-49103 affects Webmin prior to 2.640. The issue occurs in the mailboxes/detachall.cgi path where a filename is not safely constructed when saving an attachment, enabling a high-severity impact as indicated by the CVSS: 9.4 (CRITICAL) with CONFIDENTIALITY/INTEGRITY/AVAILABILITY impact. Det...

CVSS 9.4 | AI score 5.8 | EPSS 0.00303
Exploits: 0 | References: 2

Redos
added 2026/05/24 12:0 a.m. | 6 views

ROS-20260524-73-0047

Vulnerability in grafana related to improper saving of permissions. Exploitation of the vulnerability could allow an attacker to escalate privileges...

CVSS 7.6 | AI score 6.8 | EPSS 0.00596
Exploits: 0

Microsoft KB
added 2026/05/12 2:0 p.m. | 11 views

May 12, 2026—KB5087541 (OS Build 25398.2330)

May 12, 2026—KB5087541 OS Build 25398.2330 This cumulative update for Windows Server, version 23H2 KB5087541, includes the latest security fixes and improvements, along with non-security updates from last month’s optional preview release. To learn more about differences between security updates,...

CVSS 9.8 | AI score 7.3 | EPSS 0.99962
Exploits: 59

Packet Storm
added 2026/05/11 12:0 a.m. | 57 views

📄 Pixa Bank 2.0 SQL Injection

Pixa Bank version 2.0 remote API SQL injection exploit. Title: Pixa Bank 2.0 – API SQL Injection | Author: indoushka | Tested on: windows 11 FrPro / browser ...

AI score 5.9
Exploits: 0

OSV
added 2026/05/04 1:12 p.m. | 2 views

JLSEC-2026-425 URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file...

URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

CVSS 4.6 | AI score 5.8 | EPSS 0.00302
Exploits: 0 | References: 6

CNNVD
added 2026/05/04 12:0 a.m. | 7 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a series of chipsets developed by Qualcomm Incorporation. There is a security vulnerability in Qualcomm Chipsets, which stems from processing IOCTL commands when the device is in power-saving mode, resulting in memory corruption...

CVSS 7.8 | AI score 5.8 | EPSS 0.00071
Exploits: 0 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89 – freed unused skb objects to prevent memory leaks. This prevents potential memory leaks under power-saving mode...

AI score 5.2 | EPSS 0.00166
Exploits: 0 | References: 2

Tenable Nessus
added 2026/04/21 12:0 a.m. | 0 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010693)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010693 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid overwriting the copies of clcsock callback functions The callback functions of...

CVSS 5.5 | AI score 6.4 | EPSS 0.00225
Exploits: 0 | References: 4

OSV
added 2026/04/18 3:16 a.m. | 1 view

UBUNTU-CVE-2026-40494

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in tga.c has an asymmetric bounds check vulnerability. The run-packet path line 297 correctl...

CVSS 9.8 | AI score 5.8 | EPSS 0.00314
Exploits: 0 | References: 3

UbuntuCve
added 2026/04/18 3:16 a.m. | 2 views

CVE-2026-40494

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in tga.c has an asymmetric bounds check vulnerability. The run-packet path line 297 correctl...

CVSS 9.8 | AI score 5.8 | EPSS 0.00314
Exploits: 0 | References: 2

UbuntuCve
added 2026/04/18 3:16 a.m. | 3 views

CVE-2026-40492

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...

CVSS 9.8 | AI score 6 | EPSS 0.00332
Exploits: 0 | References: 2

UbuntuCve
added 2026/04/18 3:16 a.m. | 2 views

CVE-2026-40493

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel bpp from raw header fields channels depth, but the pixel buffer is allocated base...

CVSS 9.8 | AI score 6 | EPSS 0.00367
Exploits: 0 | References: 2

OSV
added 2026/04/18 3:16 a.m. | 2 views

UBUNTU-CVE-2026-40493

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel bpp from raw header fields channels depth, but the pixel buffer is allocated base...

CVSS 9.8 | AI score 6 | EPSS 0.00367
Exploits: 0 | References: 3

OSV
added 2026/04/18 3:16 a.m. | 1 view

UBUNTU-CVE-2026-40492

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...

CVSS 9.8 | AI score 6 | EPSS 0.00332
Exploits: 0 | References: 3

GithubExploit
added 2026/04/14 9:17 a.m. | 91 views

ai-pentest-agent

🔐 AI Pentest Agent v4 Automated web application penetration...

AI score 5.9
Exploits: 0

RedhatCVE
added 2026/04/11 1:22 a.m. | 4 views

CVE-2026-5436

The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1. This is due to insufficient validation of the $name parameter upload field key passed to the generateuserfiledirpath function, which uses WordPress's pathjoin — a function that...

CVSS 8.1 | AI score 6.4 | EPSS 0.01069
Exploits: 0 | References: 1

CNNVD
added 2026/04/10 12:0 a.m. | 6 views

Chamilo LMS Security Vulnerability

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 1.11.38 and 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilitie...

CVSS 7.1 | AI score 5.9 | EPSS 0.00238
Exploits: 0 | References: 3