34 matches found

EUVD
added 2026/05/22 10:28 a.m. | 6 views

EUVD-2026-31431

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to archive the channel before removing persistent notifications, which allows an authenticated user to crash the server via timing the creation of a persistent notification message between the server deleting...

CVSS 6.5 | AI score 5.8 | EPSS 0.00042
Exploits 0 | References 1

vulnersOsv
added 2026/05/11 2:51 p.m. | 5 views

360solutions-bc-mcp (=0.5.3), advanced-yaml (>=0.3.4 <=0.4.3) +299 more potentially affected by CVE-2026-44432 via urllib3 (>=2.6.0 <=2.6.3)

urllib3 PYPI version =2.6.0, =0.3.4, =0.1.0, =0.5.0, =0.24.2, =0.1.0, =0.1.0, =0.1.0, =0.5.0, =1.0.5, =26.1.0, =2.0.2, =0.45.0, =0.51.0 - auditize =0.10.0 and more Source cves: CVE-2026-44432 Source advisory: OSV:GHSA-MF9V-MFXR-J63J...

CVSS 8.9 | AI score 5.8 | EPSS 0.00019
Exploits 0

RedhatCVE
added 2026/05/02 8:47 a.m. | 0 views

CVE-2026-2311

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...

CVSS 9.8 | AI score 5.9 | EPSS 0.00043
Exploits 0 | References 1

CNNVD
added 2026/05/02 12:00 a.m. | 5 views

Wireshark code issue vulnerability

Wireshark is a set of network packet analysis software developed by the Wireshark team. The software’s function is to capture network packets and display detailed data for analysis. Versions of Wireshark from 4.6.0 to 4.6.4 had code vulnerabilities that could lead to a denial-of-service attack du...

CVSS 5.5 | AI score 5.9 | EPSS 0.00003
Exploits 1 | References 1

Positive Technologies
added 2026/04/30 12:00 a.m. | 2 views

PT-2026-36064

Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.6.0 through 4.6.4; Wireshark versions 4.4.0 through 4.4.14. Description: A crash in the ASN.1 PER protocol dissector allows for a denial of service. Recommendations: Update versions 4.6.0 through 4.6.4 to a newer version...

CVSS 8.8 | AI score 6 | EPSS 0.00042
Exploits 43 | References 50

Positive Technologies
added 2026/04/30 12:00 a.m. | 2 views

PT-2026-36061

Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.6.0 through 4.6.4; Wireshark versions 4.4.0 through 4.4.14. Description: An infinite loop in the GNW protocol dissector allows for a denial of service. Recommendations: Update Wireshark versions 4.6.0 through 4.6.4 to a versio...

CVSS 8.8 | AI score 6 | EPSS 0.00042
Exploits 43 | References 50

Vulnrichment
added 2026/04/01 10:50 p.m. | 1 views

CVE-2025-36375 IBM DataPower Gateway vulnerable to CSRF

IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8. IBM DataPower Gateway is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and...

CVSS 6.5 | AI score 5.8 | EPSS 0.00006
Exploits 0 | References 1

OSV
added 2026/02/06 8:56 p.m. | 1 views

GHSA-382Q-FPQH-29F7 `polymarket-clients-sdk` was removed from crates.io for malicious code

It appeared to be typosquatting the existing crate polymarket-client-sdk ("clients" vs "client") and attempting to steal credentials from local files. The malicious crate had 6 versions published on 2026-02-05 and had been downloaded only 59 times. There were no crates depending on this crate on crates.io...

AI score 5.4
Exploits 0 | References 2

RustSec
added 2026/02/06 12:00 p.m. | 3 views

`polymarket-clients-sdk` was removed from crates.io for malicious code

It appeared to be typosquatting the existing crate polymarket-client-sdk ("clients" vs "client") and attempting to steal credentials from local files. The malicious crate had 6 versions published on 2026-02-05 and had been downloaded only 59 times. There were no crates depending on this crate on crates.io...

AI score 5.3
Exploits 0

The Hacker News
added 2025/11/11 11:55 a.m. | 7 views

Npm Package Targeting GitHub-Owned Repositories Flagged as Red Team Exercise

Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate "@actions/artifact" package with the intent to target GitHub-owned repositories. "We think the intent was to have this script execute during a build of a GitHub-owned...

AI score 7
Exploits 0

CNNVD
added 2025/11/04 12:00 a.m. | 1 views

Apple iOS and Apple iPadOS security vulnerability

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS prior to version 26 and Apple iPadOS prior to version 26, which arises from t...

CVSS 5.5 | AI score 6.3 | EPSS 0.00019
Exploits 0 | References 1

OSV
added 2025/03/10 11:15 p.m. | 0 views

CVE-2025-27924

Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS issue associated with the "Navigate to a URL" action...

CVSS 5.4 | AI score 5.8
Exploits 0 | References 1

RustSec
added 2025/02/15 12:00 p.m. | 3 views

`sophosfirewall-python` was removed from crates.io for malicious code

sophosfirewall-python was part of a campaign that attempted to exfiltrate environmental data from the host. The malicious crate had 6 versions published in February 2025, and had no evidence of actual usage. This crate had no dependencies on crates.io...

AI score 5.9
Exploits 0

OSV
added 2024/11/11 8:15 p.m. | 0 views

CVE-2024-51186

D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the pingaddr parameter in the pingv4 and pingv6 functions...

CVSS 8 | AI score 6.4 | EPSS 0.01297
Exploits 1 | References 4

Positive Technologies
added 2024/10/05 12:00 a.m. | 0 views

PT-2024-32601 · Unknown · Webvitaly Page-List

Name of the Vulnerable Software and Affected Versions: Webvitaly Page-list versions n/a through 5.6. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. The vulnerability is du...

CVSS 6.5 | AI score 5.6 | EPSS 0.00193
Exploits 0 | References 6

CNNVD
added 2024/07/03 12:00 a.m. | 1 views

Zephyr Security Breach

Zephyr is an extensible real-time operating system (RTOS) open-sourced by the Zephyr Project. A security vulnerability exists in Zephyr 3.6 and earlier versions, which stems from the presence of a null pointer dereference that could allow an attacker to launch a denial-of-service attack against a...

CVSS 6.5 | AI score 6.6 | EPSS 0.00174
Exploits 1 | References 2

Positive Technologies
added 2023/12/25 12:00 a.m. | 0 views

PT-2023-8311 · Powercms · Powercms

Name of the Vulnerable Software and Affected Versions: PowerCMS versions 4 Series through 6 Series; PowerCMS versions 3 Series and earlier. Description: The issue is related to an open redirect vulnerability. It allows a remote attacker to redirect users to arbitrary web sites via a specially craft...

CVSS 6.1 | AI score 6.3 | EPSS 0.00631
Exploits 0 | References 8

ATTACKERKB
added 2023/06/21 4:15 p.m. | 1 views

CVE-2023-33725

Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA...

CVSS 6.1 | AI score 6.2 | EPSS 0.00216
Exploits 1 | References 2

OSV
added 2023/05/22 3:15 a.m. | 3 views

DEBIAN-CVE-2023-33285

An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server...

CVSS 5.3 | AI score 5.9 | EPSS 0.00088
Exploits 0 | References 1

CNNVD
added 2023/02/17 12:00 a.m. | 2 views

Jspreadsheet CE cross-site scripting vulnerability

Jspreadsheet CE is an open-source, lightweight JavaScript plugin from Jspreadsheet, used to create web-based interactive tables and spreadsheets compatible with other spreadsheet software. A security vulnerability exists in Jspreadsheet CE versions prior to v4.6.0, which stems from a cross-site...

CVSS 6.1 | AI score 5.7 | EPSS 0.00218
Exploits 1 | References 3