139 matches found

RedhatCVE
added 2 days ago, 4 views

CVE-2026-7061

A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the component MCP/HTTP. This manipulation causes os command injection. Remote exploitation of the attack is possible. The...

CVSS 7.5, AI score 6.9, EPSS 0.01715
Exploits: 0, References: 1
Oracle linux
added 2026/05/20 12:0 a.m., 6 views

oci-utils security update

-- 0.14.0-22 - Rework systemd service file creation. Orabug: 39316494...

AI score 5.8
Exploits: 0
CVE
added 2026/05/06 12:30 p.m., 9 views

CVE-2026-8026

FlowiseAI Flowise up to version 3.0.12 contains a security flaw in the API Response Handler, specifically in the function Login of packages/server/src/enterprise/services/account.service.ts. The manipulation leads to information disclosure and can be exploited remotely. The reported attack comple...

CVSS 6.3, AI score 5.2, EPSS 0.00017
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2026/04/26 10:0 p.m., 31 views

CVE-2026-7061 Toowiredd chatgpt-mcp-server MCP/HTTP docker.service.ts os command injection

A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the component MCP/HTTP. This manipulation causes os command injection. Remote exploitation of the attack is possible. The...

CVSS 7.5, EPSS 0.01715
Exploits: 0, References: 6
EUVD
added 2026/04/13 3:31 p.m., 1 view

EUVD-2026-21968

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/viewservice.php...

CVSS 2.7, AI score 5.9, EPSS 0.00033
Exploits: 1, References: 2
Cvelist
added 2026/04/13 12:0 a.m., 24 views

CVE-2026-36947

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/viewservice.php...

EPSS 0.00033
Exploits: 1, References: 1
CNNVD
added 2026/04/13 12:0 a.m., 2 views

SourceCodester Computer and Mobile Repair Shop Management system security vulnerability

The SourceCodester Computer and Mobile Repair Shop Management system is a simple open-source PHP project by SourceCodester. It provides a website that displays information about the store. This project also manages customers’ repair records; if their devices have been repaired or serviced,...

CVSS 2.7, AI score 5.9, EPSS 0.00033
Exploits: 1, References: 1
Vulnrichment
added 2026/04/13 12:0 a.m., 2 views

CVE-2026-36947

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/viewservice.php...

AI score 5.9, EPSS 0.00033
Exploits: 1, References: 1
Tenable Nessus
added 2026/03/27 12:0 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2026-23921

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL...

CVSS 8.7, AI score 6.2, EPSS 0.00045
Exploits: 0, References: 3
Vulnrichment
added 2026/03/21 10:2 p.m., 2 views

CVE-2026-4528 trueleaf ApiFlow URL Validation http_proxy.service.ts validateUrlSecurity server-side request forgery

A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http_proxy.service.ts of the component URL Validation Handler. This manipulation causes server-side request forgery. Remote exploitation ...

CVSS 7.5, AI score 5.4, EPSS 0.00057
Exploits: 0, References: 4
OSV
added 2026/03/05 9:58 p.m., 1 view

GHSA-JC5M-WRP2-QQ38 Flowise Vulnerable to PII Disclosure on Unauthenticated Forgot Password Endpoint

Summary: The /api/v1/account/forgot-password endpoint returns the full user object including PII (id, name, email, status, timestamps) in the response body instead of a generic success message. This exposes sensitive user information to unauthenticated attackers who only need to know a valid email...

CVSS 6.9, AI score 5.9
Exploits: 0, References: 2
CNNVD
added 2026/03/02 12:0 a.m., 1 view

Google Android security vulnerability

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from improper input validation in multiple functions of the ProfilingService.java file. These vulnerabilities may lead to persistent...

CVSS 6.2, AI score 5.8, EPSS 0.00003
Exploits: 0, References: 2
CVE
added 2026/02/05 3:7 a.m., 13 views

CVE-2025-10314

CVE-2025-10314 concerns Mitsubishi Electric Corporation FREQSHIP-mini for Windows (versions 8.0.0–8.0.2). Affected component is the installation directory’s service executables or DLLs, with root cause described as incorrect default permissions. Local attackers can execute arbitrary code with sys...

CVSS 8.8, AI score 6.1, EPSS 0.00008
Exploits: 0, References: 3
OSV
added 2026/01/19 10:42 a.m., 2 views

OPENSUSE-SU-2026:20060-1 Security update for cargo-c

This update for cargo-c fixes the following issues:
- CVE-2025-4574: crossbeam-channel: Fixed double-free on drop in Channel::discard_all_messages (bsc#1243179)
- CVE-2025-58160: tracing-subscriber: Fixed log pollution (bsc#1249012)
- CVE-2024-12224: idna: Fixed improper validation of Punycode labels...

CVSS 8.8, AI score 5.9, EPSS 0.00151
Exploits: 1, References: 6
OSV
added 2025/12/04 4:16 p.m., 1 view

CVE-2025-57212

Incorrect access control in the component ApiOrderService.java of platform v1.0.0 allows attackers to access sensitive information via a crafted request...

CVSS 7.5, AI score 5.7, EPSS 0.00041
Exploits: 0, References: 2
OSV
added 2025/11/24 1:4 p.m., 1 view

CVE-2025-40212 nfsd: fix refcount leak in nfsd_set_fh_dentry()

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix refcount leak in nfsd_set_fh_dentry(). nfsd exports a "pseudo root filesystem" which is used by NFSv4 to find the various exported filesystems using LOOKUP requests from a known root filehandle. NFSv3 uses the MOUNT protocol ...

AI score 6.4, EPSS 0.00052
Exploits: 0, References: 6
Cvelist
added 2025/11/12 3:30 p.m., 4 views

CVE-2025-11700 N-central Multiple XXE Injection Vulnerabilities

N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure...

CVSS 8.4, EPSS 0.52948
Exploits: 2, References: 1
CVE
added 2025/11/12 3:30 p.m., 13 views

CVE-2025-11700

N-able N-Central is affected by CVE-2025-11700. Versions earlier than 2025.4 are vulnerable to an XML External Entity (XXE) injection, enabling information disclosure. Remediation: upgrade to version 2025.4 or later.

CVSS 8.4, AI score 6.7, EPSS 0.52948
In wild, Exploits: 2, References: 1, Affected Software: 1
CNVD
added 2025/11/05 12:0 a.m., 6 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Out-of-Bounds Write Vulnerabilities (CNVD-2025-27470)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are vulnerable to an out-of-bounds write vulnerability that stems from the fact that...

CVSS 9.8, AI score 7.1, EPSS 0.00054
Exploits: 0, References: 1
RedhatCVE
added 2025/11/03 2:47 p.m., 5 views

CVE-2025-12602

/etc/avahi/services/z9.service can be Arbitrarily Written. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVSS 9.8, AI score 7, EPSS 0.00054
Exploits: 0, References: 1