712 matches found
PT-2026-39821
Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 Description A null pointer dereference—a condition where a program attempts to read or write to a memory location that is...
PT-2026-39824
Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5 Description A permissions issue exists where an app may be able to bypass certain Privac...
PT-2026-39772
Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.9 iPadOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5...
PT-2026-39805
An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...
Apple多款产品 安全漏洞
Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple VisionOS is an operating system designed for AR glasses. Several Apple products have security...
python-tornado security update
6.5.5-1.1 - Update to 6.5.5 Resolves: RHEL-160934...
Wireshark 4.6.x < 4.6.5 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 4.6.5. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.6.5 advisory. - RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of...
CVE-2026-41894
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...
CVE-2026-41421 SiYuan Desktop Notification XSS Leads to Electron RCE
SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg accepts a user-controlled msg value, forwards it through the backend broadcast...
Unity Linux 20.1070a Security Update: pcs (UTSA-2026-007275)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007275 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's...
CVE-2026-34623
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of thi...
CVE-2026-34624
Adobe Experience Manager (AEM) up to version 6.5.24, FP11.7 and earlier is affected by a DOM-based XSS (CWE-79). The issue allows an attacker to manipulate the DOM to execute malicious JavaScript in the victim’s browser, with exploitation requiring user interaction (victim visits a crafted webpag...
PT-2026-32898
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of thi...
WordPress SpeakOut! Email Petitions plugin <= 4.6.5 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin SpeakOut! Email Petitions versions = 4.6.5...
OESA-2026-1905 ncurses security update
The ncurses new curses library is a free software emulation of curses in System V Release 4.0 SVr4, and more. It uses terminfo format, supports pads and color and multiple highlights and forms characters and function-key mapping, and has all the other SVr4-curses enhancements over BSD curses. SVr...
CVE-2026-27460 Tandoor Recipes Affected by Denial of Service via Recipe Import
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service DoS vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly...
Tandoor Recipes 安全漏洞
Tandoor Recipes is an open-source application developed by Tandoor Recipes for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.5 contained security vulnerabilities. These vulnerabilities stemmed from defects in the recipe import...
CVE-2026-34782 Zammad has improper access control in AI assistance controller for text tools
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/aiassistance/texttools/:id was not checking if a user is privileged to use the text tool, resulting in being able to use it in all situations. This vulnerability is fixed i...
CVE-2026-34721 Zammad has Cross-site request forgery (CSRF) in OAuth callback endpoints
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OAuth callback endpoints for Microsoft, Google, and Facebook external credentials do not validate a CSRF state parameter. This vulnerability is fixed in 7.0.1 and 6.5.4...
EUVD-2026-20559
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing a proper validation for loop back addresses, or link-local addresses — only the URL scheme HTTP/HTTPS as well as the hostname was checked. This could end up in retrieving...