Adobe Substance3D Painter Out-of-Bounds Read Vulnerability (CNVD-2026-16598)

Adobe Substance3D Painter is a 3D scene building software from the American company Audobee Adobe. Adobe Substance3D Painter suffers from an out-of-bounds read vulnerability that can be exploited by attackers to obtain sensitive information...

Raytha CMS 跨站脚本漏洞

Raytha CMS is a content management system developed by the American company Raytha. Versions of Raytha CMS prior to 1.4.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from the returnUrl parameter in the login function, which allowed for reflected cross-site scripting...

MAL-2026-1574 Malicious code in transform-spread (npm)

The package 'transform-spread' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

Advisory ROSA-SA-2026-3208

Software: webmin 2.520 WASP: ROSA-CHROME unaffected versions = webmin-2.520-1 affected versions webmin-2.520-1 CVE-ID: CVE-2025-61541 BDU-ID: 2025-14429 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the getwebminemailurl function of the Webmin hosting control panel is related to access delimitatio...

Fedora 42 : wireshark (2026-a92f2096cd)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a92f2096cd advisory. New version 4.6.4 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

CVE-2026-32633

creationtimestamp| type| source ---|---|--- 2026-03-14 14:52:43+00:00| published-proof-of-concept| https://github.com/nicolargo/glances/security/advisories/GHSA-r297-p3v4-wp8m 2026-03-18 18:41:53+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhe5b4zree2h 2026-03-18...

BELL-CVE-2026-3497 CVE-2026-3497 does not affect BellSoft software

Bulletin has no description...

Cross-site Scripting (XSS)

Craft CMS is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient sanitization of return URLs using striptags without validating URL schemes, which allows an attacker to inject malicious JavaScript via crafted URLs...

EUVD-2026-11903

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativesPlanet Greenly greenly allows PHP Local File Inclusion.This issue affects Greenly: from n/a through = 8.1...

EUVD-2025-208665

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, and 6.2.1.0 through 6.2.1.11 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or...

EUVD-2026-12174

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic && instead of ||, allowing BurstReadFile and WriteFile operations to proceed with invalid sessions or closed file descriptors...

CVE-2026-32709 PX4 Autopilot MAVLink FTP Unauthenticated Path Traversal (Arbitrary File Read/Write/Delete)

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem withou...

CVE-2026-32616 Pigeon has a Host Header Injection in email verification flow

Pigeon is a message board/notepad/social system/blog. Prior to 1.0.201, the application uses $SERVER'HTTPHOST' without validation to construct email verification URLs in the register and resendmail flows. An attacker can manipulate the Host header in the HTTP request, causing the verification lin...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the sessionstatus. An attacker can access or modify session data belonging to other sandboxes by supplying another session's sessionKey. This may allow...

CVE-2026-32302

OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-originated WebSocket connections could bypass origin validation when gateway.auth.mode was set to trusted-proxy and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted rever...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the use function in the SVG recursive processing workflow. An attacker can cause excessive CPU consumption by submitting a specially crafted SVG file with deeply nested...

Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network VPN clients distributed through search engine optimization SEO poisoning techniques. "The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on...

.NET 9.0 security update

An update is available for dotnet9.0. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET...

CVE-2026-32486

Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Booking: from n/a through = 1.3.9...

CVE-2026-32434

Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Fitness: from n/a through = 4.3.4...