276137 matches found

OSV
added 2026/04/17 1:17 a.m., 4 views

UBUNTU-CVE-2026-40260

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has...

CVSS 6.9, AI score 5.7, EPSS 0.00423
Exploits: 0, References: 4
Positive Technologies
added 2026/04/17 12:00 a.m., 4 views

PT-2026-33410

A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible...

CVSS 5.1, AI score 5.7, EPSS 0.0032
Exploits: 0, References: 3
CNNVD
added 2026/04/17 12:00 a.m., 4 views

xrdp Security Vulnerability

xrdp is an open-source remote desktop protocol server developed by Neutrinolabs. Versions of xrdp prior to 0.10.5 contain security vulnerabilities. These vulnerabilities stem from a heap-based buffer overflow in the NeutrinoRDP module, which can lead to memory corruption, denial-of-service...

CVSS 8.1, AI score 6.3, EPSS 0.00544
Exploits: 0, References: 1
CNNVD
added 2026/04/17 12:00 a.m., 6 views

Anviz CrossChex Standard Security Vulnerability

Anviz CrossChex Standard is a centralized control software developed by Anviz Corporation in the United States, used for access control and attendance data management. Anviz CrossChex Standard has a security vulnerability. This vulnerability arises from the ability of attackers to manipulate the...

CVSS 7.5, AI score 5.8, EPSS 0.0021
Exploits: 0, References: 1
Positive Technologies
added 2026/04/17 12:00 a.m., 6 views

PT-2026-33533

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint /api/public/user/login returns distinguishable HTTP response codes based on whether a username exists: 404 for non-existent users and 401 for valid users with incorrect passwords. An...

CVSS 5.3, AI score 5.7, EPSS 0.00335
Exploits: 0, References: 4
Positive Technologies
added 2026/04/17 12:00 a.m., 2 views

PT-2026-33457

Name of the Vulnerable Software and Affected Versions: JetBrains Junie versions prior to 252.549.29. Description: Command execution is possible through the use of a malicious project file. Recommendations: Update to version 252.549.29 or later...

CVSS 5.8, AI score 5.9, EPSS 0.00257
Exploits: 0, References: 4
Positive Technologies
added 2026/04/17 12:00 a.m., 4 views

PT-2026-33504

Name of the Vulnerable Software and Affected Versions: Dolibarr versions prior to 23.0.0. Description: Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. An authenticated administrator can achieve remote code execution as the web server user by...

CVSS 9.4, AI score 6.5, EPSS 0.00922
Exploits: 3, References: 14
Positive Technologies
added 2026/04/17 12:00 a.m., 5 views

PT-2026-33462

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: Improper handling of GPU memory reservation protections allows software installed and run as a non-privileged user to conduct improper GPU system calls. This can...

CVSS 7.3, AI score 5.7, EPSS 0.00111
Exploits: 0, References: 4
Tenable Nessus
added 2026/04/17 12:00 a.m., 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007224)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007224 advisory. In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix use-after-free after the TLS device goes down and up When a netdev with active TLS...

CVSS 7.8, AI score 6.3, EPSS 0.00257
Exploits: 0, References: 3
Tenable Nessus
added 2026/04/17 12:00 a.m., 2 views

Fedora 42 : libpng15 (2026-4e514c1c36)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4e514c1c36 advisory: fix CVE-2026-25646, heap buffer overflow in png_set_quantize. Tenable has extracted the preceding description block directly from the Fedora security advisory...

CVSS 8.3, AI score 6.1, EPSS 0.00905
Exploits: 1, References: 2
Fedora
added 2026/04/16 11:42 p.m., 5 views

[SECURITY] Fedora 44 Update: kf6-solid-6.25.0-1.fc44

Solid provides the following features for application developers: - Hardware Discovery - Power Management - Network Management...

AI score 5.8
Exploits: 0
Fedora
added 2026/04/16 11:42 p.m., 6 views

[SECURITY] Fedora 44 Update: kf6-kitemmodels-6.25.0-1.fc44

KDE Frameworks 6 Tier 1 addon with item models...

AI score 5.8
Exploits: 0
Fedora
added 2026/04/16 11:42 p.m., 3 views

[SECURITY] Fedora 44 Update: kf6-kcodecs-6.25.0-1.fc44

KDE Frameworks 6 Tier 1 addon with string manipulation methods...

AI score 5.7
Exploits: 0
CVE
added 2026/04/16 11:00 p.m., 10 views

CVE-2026-40322

SiYuan (open-source PIM) versions 3.6.3 and earlier render Mermaid diagrams with securityLevel=loose, injecting the SVG via innerHTML. This allows attacker-controlled javascript: URLs in Mermaid blocks to survive into output, and on desktop builds with Electron, windows created with nodeIntegrati...

CVSS 9, AI score 6.4, EPSS 0.00306
Exploits: 0, References: 2, Affected Software: 1
Atlassian
added 2026/04/16 10:12 p.m., 22 views

RCE (Remote Code Execution) org.yaml:snakeyaml Dependency in Jira Software Data Center

This is a vulnerability in a non-Atlassian Jira dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity RCE (Remote Code Execution) vulnerability was introduced in version 11.3.3 of Jira Software Data Center. This RCE (Remote Code...

CVSS 9.8, AI score 6.5, EPSS 0.99615
Exploits: 7
Atlassian
added 2026/04/16 9:50 p.m., 17 views

DoS (Denial of Service) com.squareup.okio:okio Dependency in Jira Software Data Center

This High severity DoS (Denial of Service) vulnerability was introduced in versions 9.12.1, 10.3.0 (not all patched versions; see the fix and affected versions field) and 11.3.0 of Jira Software Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5, AI score 5.7, EPSS 0.01077
Exploits: 1
Atlassian
added 2026/04/16 9:26 p.m., 18 views

DoS (Denial of Service) net.minidev:json-smart Dependency in Jira Software Data Center

This High severity DoS (Denial of Service) vulnerability was introduced in versions 9.12.1, 10.3.0, and 11.3.0 of Jira Software Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, allows an unauthenticated...

CVSS 7.5, AI score 5.8, EPSS 0.01119
Exploits: 1
Snyk
added 2026/04/16 9:09 p.m., 6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper access control in the unaccess process. An attacker can cause disruption of all public shares routed through a global frontend by sending a DELETE request to the affected API endpoint with knowled...

CVSS 6, AI score 5.7, EPSS 0.00286
Exploits: 0, References: 3
RedhatCVE
added 2026/04/16 7:22 p.m., 6 views

CVE-2026-33193

Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoofing (GHSL-2026-052). An attacker could exploit this flaw to inject malicious scripts, potentially...

CVSS 4.6, AI score 5.7, EPSS 0.00187
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/16 6:03 p.m., 1 view

CVE-2025-43937

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able ...

CVSS 6.6, AI score 5.7, EPSS 0.00141
Exploits: 0, References: 2, Affected Software: 1