Linux Distros Unpatched Vulnerability : CVE-2026-5883

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

CVE-2026-40035

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run, causing any non-empty string to evaluate truthy, allowing attackers to access th...

CVE-2026-39883

OpenTelemetry-Go versions 1.15.0–1.42.0 contain an incomplete fix for CVE-2026-24051: when addressing the Darwin ioreg command to use an absolute path, the BSD kenv command was left with a bare command name, enabling a PATH hijacking attack on BSD and Solaris platforms. The issue is resolved in O...

CVE-2026-39883

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...

EUVD-2025-209310

D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingxasp function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

EUVD-2026-20475

stata-mcp has insufficient validation of user-supplied Stata do-file content that can lead to command execution...

CVE-2026-33350 LORIS has a SQL injection in MRI feedback popup

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections for the MRI feedback popup window of the imaging...

CVE-2026-33350

Product: LORIS (Longitudinal Online Research and Imaging System). Issue: SQL injection in the MRI feedback popup window of the imaging browser. Root cause: Vulnerable code sections allowed SQL ingestion prior to certain releases. Versions affected: before 27.0.3 and 28.0.1. Impact: Attackers coul...

CVE-2026-32590

A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server...

Malicious code in sentinel-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5a2ff07802c4546c40d47d3780971506115297a1e8c177be36ad1e003dd62937 The package installs a remote executable that uses a hardcoded Telegram channel for monitoring the user's activity, including regularly taking screenshots, and...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the handling of table captions during the rendering process. An attacker can execute arbitrary code with the privileges of the desktop client by syncing a crafted note containing malicious HTML or JavaScript ...

EUVD-2026-20262

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through = 3.5.5...

EUVD-2026-20183

Server-Side Request Forgery SSRF vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Request Forgery.This issue affects Nelio Content: from n/a through = 4.3.1...

CVE-2026-39677

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativesPlanet Emphires emphires allows PHP Local File Inclusion.This issue affects Emphires: from n/a through = 3.9...

CVE-2026-39620

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through = 3.5.5...

CVE-2026-39586

Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.This issue affects RepairBuddy: from n/a through = 4.1132...

CVE-2026-39561

Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through = 2.0.7...

CVE-2026-39562

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.10...

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Artificial Intelligence AI company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos , to find and address security vulnerabilities. The model will be used by a small set of organizations, including...

CVE-2026-39685

Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Moneytizer: from n/a through = 10.0.10...