743 matches found
CVE-2026-24399
ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be processed and executed in the browser context. This allow...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications
Summary Multiple Vulnerabilities were disclosed as part of the Oracle January 2026 Critical Patch Update. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impac...
CVE-2022-37939
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and...
CVE-2019-11996
Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a...
CVE-2022-23565
Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a SavedModel on disk such that AttrDefs of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...
CVE-2025-1700
A DLL hijacking vulnerability was reported in the Motorola Software Fix Rescue and Smart Assistant installer that could allow a local attacker to escalate privileges during installation of the software...
CVE-2025-48721
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Q...
PT-2026-26141
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cram decode slice function called while reading CRAM records, validation of the reference id field occurred too late, allowing two out of bounds...
CVE-2025-43393
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to break out of its sandbox...
PT-2025-51016
Name of the Vulnerable Software and Affected Versions macOS versions prior to 15.7.3 Description A flaw exists in macOS on Intel-based Mac computers related to code-signing restrictions. This could allow an application to access user-sensitive data. Recommendations Update to macOS version 15.7.3 ...
CVE-2025-67644 LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...
CVE-2025-65199 Windscribe for Linux 'changeMTU' local privilege escalation
A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8...
EUVD-2025-201838
Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers trick victims into changing tracker general settings. Th...
CVE-2025-64750 Singluarity ineffectively applies of selinux / apparmor LSM process labels
SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so...
Security Bulletin: Vulnerabilities in pam library (CVE-2025-6020, CVE-2025-8941) affect Power HMC.
Summary The pam library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-6020 DESCRIPTION: A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing...
EUVD-2025-38282
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...
CVE-2025-58463
CVE-2025-58463 affects QNAP Download Station and is a relative path traversal vulnerability. The issue can be exploited by a remote attacker who has an administrator account to read contents of unexpected files or system data. The vulnerability is triggered via a path traversal flaw in the downlo...
UBUNTU-CVE-2025-43441
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...
UBUNTU-CVE-2025-12004
Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action APIThis issue affects Mediawiki - Lockdown Extension: from master before 1.42...
EUVD-2019-9225
Malware in sbrugna...