EUVD-2026-15192

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2026-33253

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2026-33253

SANUPS SOFTWARE (SANYO DENKI CO., LTD.) exposes a Windows service registration with an unquoted executable path. According to the description, a user with write access to the system drive root can trigger arbitrary code execution with SYSTEM privileges via a local privilege escalation. The connec...

CVE-2026-33253

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2026-33253

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

MAL-2026-2197 Malicious code in allergan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b647cee7f2efba83a3acb7f2a6216150570618d386d85a162caf08b4fabaeb1d The package allergan was found to contain malicious code. Source: ghsa-malware 39db4e96e2f99167f5914eb406fd2fe8d3adab2598b4872dbe5f0e228cad37e7 Any...

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-140.9.0esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...

CVE-2026-20668

CVE-2026-20668 is a logging issue in Apple OS components that could allow an app to access sensitive user data. Affected products include iOS and iPadOS (18.7.7 and 26.3), macOS (Sequoia 15.7.5, Sonoma 14.8.5, Tahoe 26.3), and visionOS 26.3. The underlying problem is improper data handling in log...

CVE-2026-20637

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to cause unexpected system...

PT-2026-27889

Name of the Vulnerable Software and Affected Versions Goldish versions prior to 3.47 Description An issue exists in Goldish that allows for object injection due to deserialization of untrusted data. Recommendations Update Goldish to version 3.47 or later...

SANYO DENKI SANUPS SOFTWARE 代码问题漏洞

SANYO DENKI SANUPS SOFTWARE is a software developed by SANYO DENKI Corporation in Japan. It is used for monitoring UPS devices, managing their operation, and analyzing power supply status. SANYO DENKI SANUPS SOFTWARE has code vulnerabilities; these vulnerabilities stem from the Windows service fi...

PT-2026-28018

Name of the Vulnerable Software and Affected Versions CreativeWS VintWood versions n/a through 1.1.8 Description The software contains a flaw due to improper control of filename handling for Include/Require statements in the PHP program, leading to a PHP Local File Inclusion issue. The affected...

Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2026-083-02)

The version of mozilla-thunderbird installed on the remote host is prior to 140.9.0esr. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-083-02 advisory. New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Tenable has...

PT-2026-28117

IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources...

PT-2026-27798

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software for Cisco Meraki affected versions not specified Description A flaw exists in Cisco IOS XE Software for Cisco Meraki that may allow a remote, unauthenticated attacker to view sensitive device information. The issue stems...

Software Supply Chain Smells: Lightweight Analysis for Secure Dependency Management

Modern software systems heavily rely on third-party dependencies, making software supply chain security a critical concern. We introduce the concept of software supply chain smells as structural indicators that signal potential security risks. We design and evaluate Dirty-Waters, a novel tool for...

PT-2026-28147

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint interface/billing/get claim file.php only verifies that the caller has a valid session and CSRF token, but does not check any ACL...

N2W 安全漏洞

N2W is a data backup and recovery software developed by N2W Corporation. Versions of N2W prior to 4.3.2 and 4.4.1 contained security vulnerabilities. These vulnerabilities were caused by improper validation of API request parameters, which could lead to remote code execution...

N2W 安全漏洞

N2W is a data backup and recovery software developed by N2W Corporation. Versions of N2W prior to 4.3.2 and 4.4.1 contained security vulnerabilities. These vulnerabilities were due to deceptive vulnerabilities, which could lead to remote code execution and theft of account credentials...

Cisco Catalyst SD-WAN Manager（Cisco SD-WAN vManage） 跨站脚本漏洞

Cisco Catalyst SD-WAN Manager is a highly customizable dashboard provided by the American company Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. Cisco Catalyst SD-WAN Manager has a cross-site scripting vulnerability, which stems from...