16898 matches found
PT-2026-49200
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This...
CVE-2026-47292
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally...
CVE-2026-42987 Windows Deployment Services (WDS) Remote Code Execution
...
CVE-2026-47287 Visual Studio Code Tampering Vulnerability
...
PT-2026-47330
Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.4 Description Attachment passwords are hashed using SHA-1, which is a cryptographically broken algorithm susceptible to collision attacks. A collision attack occurs when two different inputs produce the same hash...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a vulnerability related to input validation, which stems from Skia’s insufficient validation of untrusted inputs...
CVE-2026-29199
phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When forceservervars is disabled, the servers hostname may be extracted from the HTTP Host header which is used to generate the password reset link URL. An attacker who can manipulate the Hos...
PT-2026-48562
Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-24 Description ImageMagick is free and open-source software used for editing and manipulating digital images. A negative heap buffer over-write occurs when using an image with a mask and the Floyd-Steinberg...
@accounter/client (>=0.0.3 <=0.0.12-alpha-20260427054851-6925deba4595cf0c72d3875df0a094608b394a27), @appigram/react-code-split-ssr (=1.3.7) +130 more potentially affected by CVE-2026-42211 via react-router (>=7.0.0 <=7.14.1)
react-router NPM version =7.0.0, =0.0.3, =0.0.2, =3.5.2, =1.1.0, =1.0.1-MON-198808-web-js-deps-batch-1.0, =0.0.1, =3.4.9, =0.1.9, =1.27.1, =1.27.1, =0.3.1, =0.5.1 and more Source cves: CVE-2026-42211 Source advisory: OSV:GHSA-49RJ-9FVP-4H2H...
CVE-2026-48811
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...
CVE-2026-10202
A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...
OFFIS DCMTK 安全漏洞
OFFIS DCMTK is a collection of libraries and applications developed by the German company OFFIS that implement most DICOM standards. It includes software for checking, processing, and converting DICOM image files, handling offline media, sending and receiving images via network connections, as we...
DEBIAN-CVE-2026-45149
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like 1..10000000, the sequence generation loop generates all 10 million intermediate...
CVE-2026-49383
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...
EUVD-2018-21919
PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST...
ROS-20260529-73-0019
The vulnerability of the software for interacting with servers via CURL is related to the storage of dangerous files. Exploiting this vulnerability allows a remote attacker to compromise the integrity of data...
PT-2026-44127
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31...
EUVD-2026-31987
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint /api/trigger/v1/webhook/triggerid is accessible without authentication. The WebhookAuth class unconditionally returns None, , which Django REST Framework interprets as successful authentication...
UBUNTU-CVE-2026-41074
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery CSRF vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that...
RLSA-2026:1381 Moderate: osbuild-composer security update
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: golang:...