CVE-2026-46959

Technical details (affected product, vulnerable component, exploit information, or remediation) are not publicly available in the provided documents. Monitor for updates.

ImageMagick 输入验证错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-24 contained a vulnerability related to input validation errors. This vulnerability...

frr: denial of service via crafted BGP UPDATE message

A flaw was found in FRRouting FRR. An unauthenticated remote attacker can exploit an integer underflow vulnerability by supplying a specially crafted BGP Border Gateway Protocol UPDATE message. This issue can lead to a Denial of Service DoS...

PT-2026-45880

Name of the Vulnerable Software and Affected Versions GLPI versions 11.0.0 through 11.0.6 Description An issue exists where a technician can store a Cross-Site Scripting XSS payload within ITIL costs. XSS is a type of security flaw that allows an attacker to inject malicious scripts into web page...

CVE-2026-37711

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-al...

UBUNTU-CVE-2026-46640

Unknown description...

SUSE CVE-2026-43862

In mutt before 2.3.2, the imapauthgss security level is mishandled...

Astra Linux – Vulnerability in tar

In GNU tar before version 1.35, mishandling of extension attributes in a PAX archive can cause the application to crash in xheader.c...

CVE-2026-35240

CVE-2026-35240 describes a vulnerability in Oracle MySQL Server (component: Server: Optimizer) affecting 8.0.0–8.0.45, 8.4.0–8.4.8, and 9.0.0–9.6.0. The flaw allows a highly privileged attacker who can access the server over multiple network protocols to cause a hang or a repeatedly crashing stat...

CVE-2026-34292

...

CVE-2026-21998

...

CVE-2021-47960

A flaw was found in Synology SSL VPN Client. This vulnerability allows remote attackers to access sensitive files within the installation directory. By leveraging user interaction with a specially crafted web page, attackers can exploit a local HTTP server bound to the loopback interface to...

CVE-2026-3994

A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X8664::initializesections of the file src/input-files.cc of the component Object File Handler. Performing a manipulation results in heap-based buffer overflow. Attacking locally is a...

CVE-2026-4515 Foundation Agents MetaGPT operator.py code_generate code injection

A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function codegenerate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...

WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.10 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Client Invoicing by Sprout Invoices versions = 20.8.10...

CVE-2025-14456

IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1...

CVE-2026-21986

CVE-2026-21986 (Oracle VM VirtualBox) affects the Core component in Oracle VM VirtualBox, with affected releases 7.1.14 and 7.2.4. The issue can be exploited by a user who has logon to the infrastructure where VirtualBox runs, yielding an unauthenticated-like access path via a local attack vector...

CVE-2026-21966

...

CVE-2026-21938

...

CVE-2025-15032

Dia for macOS before 1.9.0 is vulnerable to spoofing of the window title due to a missing about:blank indicator in custom-sized new windows. The root cause is the absence of a visual cue (about:blank indicator) that can mislead users about the current site. Affected product: Dia (macOS). Impact: ...