9418 matches found

Cvelist
added 2026/03/20 1:26 a.m., 19 views

CVE-2026-32711 pydicom: Path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, b...

7.8 CVSS, 0.00008 EPSS
Exploits 1, References 3

OSV
added 2026/03/20 1:26 a.m., 1 views

CVE-2026-32711 pydicom: Path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, b...

7.8 CVSS, 6 AI score, 0.00008 EPSS
Exploits 1, References 5

Positive Technologies
added 2026/03/20 12:0 a.m., 2 views

PT-2026-26652

A vulnerability was determined in Tenda A18 Pro 02.03.02.28. The impacted element is the function sub 423B50 of the file /goform/setMacFilterCfg of the component MAC Filtering Configuration Endpoint. Executing a manipulation of the argument deviceList can lead to stack-based buffer overflow. The...

9 CVSS, 6.3 AI score, 0.00065 EPSS
Exploits 0, References 9

Tenable Nessus
added 2026/03/20 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-23272

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - netfilter: nftables: unconditionally bump set-nelems before insertion. In case that the set is full, a new element gets published then removed without waiting fo...

7.8 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits 0, References 4

Positive Technologies
added 2026/03/20 12:0 a.m., 2 views

PT-2026-26648

A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is the function set qosMib list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit ha...

9 CVSS, 6.4 AI score, 0.00065 EPSS
Exploits 0, References 8

UbuntuCve
added 2026/03/20 12:0 a.m., 2 views

CVE-2026-23272

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: unconditionally bump set-nelems before insertion. In case that the set is full, a new element gets published then removed without waiting for the RCU grace period, while RCU reader can be walking over it...

7.8 CVSS, 5.7 AI score, 0.00018 EPSS
Exploits 0, References 4

CNNVD
added 2026/03/20 12:0 a.m., 6 views

libde265 security vulnerability

libde265 is a video codec developed under open source by Struktur AG. Versions of libde265 prior to 1.0.17 contained security vulnerabilities; these vulnerabilities were caused by handling H.265 PPS NAL units with incorrect formats, leading to segmentation violations...

8.7 CVSS, 5.8 AI score, 0.00094 EPSS
Exploits 1, References 2

CNNVD
added 2026/03/20 12:0 a.m., 4 views

Tenda A18 Pro security vulnerability

The Tenda A18 Pro is a wireless signal extender produced by the Chinese company Tenda. Version 02.03.02.28 of the Tenda A18 Pro contains a security vulnerability. This vulnerability stems from a stack buffer overflow issue in the fromSetIpMacBind function within the file /goform/SetIpMacBind,...

9 CVSS, 7.5 AI score, 0.00065 EPSS
Exploits 0, References 5

CNNVD
added 2026/03/20 12:0 a.m., 3 views

Tenda A18 security vulnerability

The Tenda A18 is an AC1200 dual-band Wi-Fi repeater produced by the Chinese company Tenda. The Tenda A18 Pro version, at build number 02.03.02.28, contains a security vulnerability. This vulnerability stems from a stack buffer overflow in the function formfastsettingwifiset found in the...

9 CVSS, 7.4 AI score, 0.00065 EPSS
Exploits 0, References 5

Positive Technologies
added 2026/03/20 12:0 a.m., 3 views

PT-2026-26678

Name of the Vulnerable Software and Affected Versions: libde265 versions prior to 1.0.17. Description: libde265 is an open source implementation of the h.265 video codec. A crafted HEVC bitstream can cause an out-of-bounds heap write. This occurs due to a stale ctb info.log2unitSize after an SPS...

5.5 CVSS, 5.8 AI score, 0.00006 EPSS
Exploits 1, References 7

CVE
added 2026/03/19 10:6 p.m., 7 views

CVE-2026-32013

OpenClaw is affected: versions prior to 2026.2.25 contain a symlink traversal in agents.files.get and agents.files.set that can read/write files outside the agent workspace. Attackers can access arbitrary host files within gateway process permissions by following symlinked allowlisted files, whic...

8.8 CVSS, 6.2 AI score, 0.00049 EPSS
Exploits 0, References 3, Affected Software 1

EUVD
added 2026/03/19 10:6 p.m., 1 views

EUVD-2026-13275

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway...

8.8 CVSS, 6.2 AI score, 0.00049 EPSS
Exploits 0, References 3

Cvelist
added 2026/03/19 10:6 p.m., 14 views

CVE-2026-32013 OpenClaw < 2026.2.25 - Symlink Traversal in agents.files Methods

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in the agents.files.get and agents.files.set methods that allows reading and writing files outside the agent workspace. Attackers can exploit symlinked allowlisted files to access arbitrary host files within gateway...

8.8 CVSS, 0.00049 EPSS
Exploits 0, References 3

Github Security Blog
added 2026/03/19 5:43 p.m., 5 views

Juju has unauthorized access to out-of-scope Kubernetes secrets

Summary: Grantee is able to update secret content using the secret-set tool due to broad Kubernetes access policy. Implications are that it is possible, knowing a Kubernetes secret identifier e.g. name, to patch without affecting the secret, revealing the value, or, patching while affecting the...

8.8 CVSS, 5.8 AI score, 0.00081 EPSS
Exploits 1, References 4, Affected Software 1

OSV
added 2026/03/19 5:43 p.m., 2 views

GHSA-439W-V2P7-PGGC Juju has unauthorized access to out-of-scope Kubernetes secrets

Summary: Grantee is able to update secret content using the secret-set tool due to broad Kubernetes access policy. Implications are that it is possible, knowing a Kubernetes secret identifier e.g. name, to patch without affecting the secret, revealing the value, or, patching while affecting the...

8.8 CVSS, 5.8 AI score, 0.00081 EPSS
Exploits 1, References 4

EUVD
added 2026/03/19 5:43 p.m., 2 views

EUVD-2026-12819

Juju has unauthorized access to out-of-scope Kubernetes secrets...

8.8 CVSS, 5.8 AI score, 0.00081 EPSS
Exploits 1, References 3

Snyk
added 2026/03/19 5:43 p.m., 1 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass due to improper authorization in the secret-set process. An attacker can gain unauthorized access to and modify Kubernetes secrets by exploiting insufficient access controls, allowing them to read or alter secret...

8.8 CVSS, 5.9 AI score, 0.00081 EPSS
Exploits 1, References 2

Github Security Blog
added 2026/03/19 5:25 p.m., 4 views

AVideo: IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php

Summary: The setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numeric characters is silently coerced to the integer zero before...

9.1 CVSS, 5.8 AI score, 0.00055 EPSS
Exploits 1, References 4, Affected Software 1

Snyk
added 2026/03/19 5:25 p.m., 2 views

Authorization Bypass Through User-Controlled Key

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the setPassword.json.php endpoint. An attacker can gain unauthorized access to protected channels by submitting...

9.1 CVSS, 5.8 AI score, 0.00055 EPSS
Exploits 1, References 2

OSV
added 2026/03/19 5:25 p.m., 3 views

GHSA-6547-8HRG-C55M AVideo: IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php

Summary: The setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numeric characters is silently coerced to the integer zero before...

5.1 CVSS, 5.8 AI score, 0.00055 EPSS
Exploits 1, References 4