
276208 matches found

GithubExploit
added 2026/03/11 1:40 p.m., 149 views

Exploit for CVE-2026-3228

No d...

6.4 CVSS, 5.8 AI score, 0.04279 EPSS
Exploits: 1
OSSF Malicious Packages
added 2026/03/11 1:24 p.m., 6 views

Malicious code in chai-as-flex (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e209e357d41cfd5d03c91f7b03e155685a36191ac79740818656d310c71390fe The package chai-as-flex was found to contain malicious code. Source: ghsa-malware 43ec01f2ce6223022a2f8808fefb3586a644577acb62fbe4184add705f616914 A...

5.7 AI score
Exploits: 0, References: 1
RedhatCVE
added 2026/03/11 1:19 p.m., 4 views

CVE-2026-2339

Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection. This issue affects Liderahenk: before v3.4.0...

7.5 CVSS, 5.8 AI score, 0.0081 EPSS
Exploits: 0, References: 1
OSV
added 2026/03/11 10:11 a.m., 1 view

RHSA-2026:4173 Red Hat Security Advisory: gimp security update

Bulletin has no description...

8.8 CVSS, 5.7 AI score, 0.00662 EPSS
Exploits: 0, References: 33
OSV
added 2026/03/11 8:16 a.m., 7 views

CVE-2024-14024

An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker who has also gained an administrator account gains local network access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the...

6.7 CVSS, 5.8 AI score, 0.00077 EPSS
Exploits: 0, References: 1
CVE
added 2026/03/11 8:2 a.m., 14 views

CVE-2024-14025

Summary (CVE-2024-14025): An SQL injection vulnerability affects QNAP Video Station. Exploitation requires local network access and an administrative account; successful exploitation could allow execution of unauthorized code or commands. The issue has been fixed in Video Station 5.8.2 and later....

6.7 CVSS, 5.9 AI score, 0.00136 EPSS
Exploits: 0, References: 1, Affected Software: 1
curl security advisories
added 2026/03/11 8:0 a.m., 9 views

wrong proxy connection reuse with credentials

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

6.5 CVSS, 7.2 AI score, 0.00302 EPSS
Exploits: 1, References: 1, Affected Software: 2
Patchstack
added 2026/03/11 7:28 a.m., 5 views

WordPress Ally - Web Accessibility & Usability plugin <= 4.0.3 - Unauthenticated SQL Injection via URL Path vulnerability

WordPress Ally - Web Accessibility & Usability plugin <= 4.0.3 - Unauthenticated SQL Injection via URL Path vulnerability discovered by Drew Webber (mcdruid) in WordPress Plugin Ally versions <= 4.0.3...

7.5 CVSS, 5.8 AI score, 0.02289 EPSS
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2026/03/11 7:16 a.m., 5 views

CVE-2026-31844

An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...

9 CVSS, 0.00442 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2026/03/11 7:8 a.m., 2 views

CVE-2026-26738

Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file...

7.8 CVSS, 6.1 AI score, 0.0026 EPSS
Exploits: 0, References: 1
OSV
added 2026/03/11 6:9 a.m., 2 views

BELL-CVE-2026-3713 CVE-2026-3713 does not affect BellSoft software

Bulletin has no description...

5.3 CVSS, 5.7 AI score, 0.00126 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2026/03/11 5:56 a.m., 2 views

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software...

10 CVSS, 5.7 AI score, 0.00487 EPSS
Exploits: 0, References: 6
Circl
added 2026/03/11 3:0 a.m., 3 views

CVE-2026-27278

creationtimestamp | type | source
---|---|---
2026-03-11 03:00:18+00:00 | seen | https://helpx.adobe.com/security/products/acrobat/apsb26-26.html
2026-03-12 13:00:13+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mguheoo3wj2u
2026-03-12 13:22:24+00:00 | seen | ...

7.8 CVSS, 5.8 AI score, 0.00222 EPSS
Exploits: 0, References: 5
OSV
added 2026/03/11 12:38 a.m., 3 views

GHSA-G32C-4PVP-769G Quill has DoS via unbounded read of HTTP response body during notarization

Impact: Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network conditions due to HTTPS with proper TLS...

5.3 CVSS, 5.8 AI score, 0.00088 EPSS
Exploits: 0, References: 6
Snyk
added 2026/03/11 12:36 a.m., 4 views

Information Exposure

Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Information Exposure in the /verificationEmailRequest endpoint. An attacker can determine whether specific email addresses a...

6.3 CVSS, 5.8 AI score, 0.00241 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/03/11 12:0 a.m., 6 views

Vociferous access control error vulnerability

Vociferous is a cross-platform offline voice-to-text tool developed by Andrew Brown. Versions prior to 4.4.2 of Vociferous contained an access control vulnerability. This vulnerability stemmed from the lack of filename validation in the exportfile route in src/api/system.py, along with unvalidate...

10 CVSS, 5.9 AI score, 0.00644 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2026/03/11 12:0 a.m., 5 views

PT-2026-24893

Name of the Vulnerable Software and Affected Versions: yauzl version 3.2.0. Description: yauzl, also known as Yet Another Unzip Library, version 3.2.0 for Node.js contains an off-by-one error within the getLastModDate function, specifically in the NTFS extended timestamp extra field parser. The...

6.9 CVSS, 6 AI score, 0.00485 EPSS
Exploits: 0, References: 16
Positive Technologies
added 2026/03/11 12:0 a.m., 8 views

PT-2026-24698

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated technician user can upload a malicious file and trigger its execution through an unsafe PHP...

8.8 CVSS, 5.9 AI score, 0.00315 EPSS
Exploits: 0, References: 11
CNNVD
added 2026/03/11 12:0 a.m., 7 views

R security vulnerability

R is a statistical computing software developed by The R Foundation. Version 3.4.4 of R contains a security vulnerability. This vulnerability stems from a buffer overflow in the GUI preference language menu field, which could allow local attackers to bypass DEP and ASLR protections and execute...

6.9 CVSS, 6.3 AI score, 0.00119 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/03/11 12:0 a.m., 5 views

Varient SQL injection vulnerability

Varient is a news magazine software developed by Varient Corporation. Version 1.6.1 of Varient contains an SQL injection vulnerability. This vulnerability stems from the userid parameter, which allows for SQL injections. It may allow unverified attackers to manipulate database queries and extract...

8.8 CVSS, 5.9 AI score, 0.00334 EPSS
Exploits: 0, References: 3