276205 matches found

Positive Technologies
added 2026/03/08 12:0 a.m. | 4 views

PT-2026-23936

Name of the Vulnerable Software and Affected Versions: libssh versions up to 0.11.3. Description: A flaw exists in libssh related to the SFTP Extension Name Handler component, specifically within the sftp_extensions_get_name and sftp_extensions_get_data functions in the src/sftp.c file. A manipulati...

CVSS 7.5 | AI score 5.9 | EPSS 0.00631
Exploits 0 | References 68

Positive Technologies
added 2026/03/08 12:0 a.m. | 6 views

PT-2026-23943

Name of the Vulnerable Software and Affected Versions: SourceCodester Pet Grooming Management Software version 1.0. Description: A flaw exists in the Financial Report Page component of the software that allows for improper authorization. This can be exploited remotely by an attacker. The exploit is...

CVSS 6.5 | AI score 6.6 | EPSS 0.00254
Exploits 1 | References 12

Positive Technologies
added 2026/03/08 12:0 a.m. | 6 views

PT-2026-23942

Name of the Vulnerable Software and Affected Versions: SourceCodester Pet Grooming Management Software version 1.0. Description: An improper authorization issue exists in the User Creation Handler component of the software. This can be triggered by manipulating the file add user.php. The attack can ...

CVSS 6.5 | AI score 6.4 | EPSS 0.00254
Exploits 1 | References 13

CNNVD
added 2026/03/08 12:0 a.m. | 10 views

SourceCodester Pet Grooming Management Software Authorization Issue Vulnerability

SourceCodester Pet Grooming Management Software is an open-source pet grooming management system developed by SourceCodester. Version 1.0 of SourceCodester Pet Grooming Management Software has a vulnerability related to authorization issues. This vulnerability stems from the operation of the user...

CVSS 6.5 | AI score 6.6 | EPSS 0.00254
Exploits 1 | References 6

Tenable Nessus
added 2026/03/08 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-3706

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. Th...

CVSS 6.3 | AI score 4.6 | EPSS 0.00162
Exploits 0 | References 3

PyPA
added 2026/03/07 4:15 p.m. | 10 views

PYSEC-2026-121

pyLoad is a free and open-source download manager written in Python. From version 0.5.0b3.dev13 to 0.5.0b3.dev96, the editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be...

CVSS 7.1 | AI score 5.7 | EPSS 0.00517
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2026/03/07 3:30 p.m. | 30 views

CVE-2026-29784 Ghost: Incomplete CSRF protections around OTC use

Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost...

CVSS 7.5 | EPSS 0.00157
Exploits 0 | References 2

GithubExploit
added 2026/03/07 11:35 a.m. | 128 views

denkair-lab

DenkAir - Windows AD Pentesting Lab A comprehensive Windows A...

AI score 6.2
Exploits 0

Circl
added 2026/03/07 10:0 a.m. | 6 views

CVE-2026-2874

creationtimestamp | type | source
---|---|---
2026-03-07 10:00:16+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mghkycg5u72m
2026-03-07 10:00:17+00:00 | seen | https://bsky.app/profile/potato.software/post/3mghkyczb572j...

CVSS 9 | AI score 7.4 | EPSS 0.00568
Exploits 1 | References 2

OSV
added 2026/03/07 6:9 a.m. | 4 views

BELL-CVE-2026-3381 CVE-2026-3381 does not affect BellSoft software

Bulletin has no description...

CVSS 9.8 | AI score 5.7 | EPSS 0.00548
Exploits 1 | References 1

OSV
added 2026/03/07 6:9 a.m. | 2 views

BELL-CVE-2026-23232 CVE-2026-23232 does not affect BellSoft software

Bulletin has no description...

CVSS 5.5 | AI score 5.7 | EPSS 0.00104
Exploits 0 | References 1

OSV
added 2026/03/07 2:37 a.m. | 6 views

GHSA-QR2G-P6Q7-W82M x402 SDK Security Advisory

Impact: A security vulnerability exists in outdated versions of the x402 SDK. This vulnerability does not affect users' private keys, smart contracts, or funds. The issue impacts resource servers accepting payments on Solana when the facilitator is running a vulnerable version of the x402 SDK. Who...

AI score 5.8
Exploits 0 | References 3

CNNVD
added 2026/03/07 12:0 a.m. | 5 views

UptimeFlare Information Disclosure Vulnerability

UptimeFlare is a cloud-based website availability monitoring and status page software developed by lyc8503 as an individual developer. UptimeFlare has a vulnerability related to information leakage, which stems from the direct import of server-side configurations from client code, potentially...

CVSS 7.5 | AI score 5.8 | EPSS 0.00286
Exploits 0 | References 3

EUVD
added 2026/03/06 10:10 p.m. | 5 views

EUVD-2026-10044

Zarf's symlink targets in archives are not validated against destination directory...

CVSS 8.2 | AI score 5.8 | EPSS 0.0022
Exploits 1 | References 3

Vulnrichment
added 2026/03/06 9:10 p.m. | 2 views

CVE-2026-30231 Flare: Private File IDOR via raw/direct endpoints

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the...

CVSS 6 | AI score 5.7 | EPSS 0.00283
Exploits 1 | References 1

EUVD
added 2026/03/06 8:35 p.m. | 5 views

EUVD-2026-10068

Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage...

CVSS 9.9 | AI score 5.8 | EPSS 0.00367
Exploits 1 | References 4

Github Security Blog
added 2026/03/06 6:45 p.m. | 8 views

Vercel Workflow Allows Webhook Creation with Predictable User-Specified Tokens

createWebhook in Vercel Workflow DevKit accepts a user-specified token parameter that serves as the credential for the public webhook endpoint /.well-known/workflow/v1/webhook/token. Official documentation recommended predictable token patterns, making it possible for an unauthenticated remote...

AI score 6
Exploits 0 | References 4 | Affected Software 2

IBM Security Bulletins
added 2026/03/06 4:23 p.m. | 7 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (January 2026) affect IBM InfoSphere Information Server

Summary: There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2026. Vulnerability Details: CVEID: CVE-2026-21945 DESCRIPTION: Java SE is...

CVSS 7.5 | AI score 5.8 | EPSS 0.00547
Exploits 0 | Affected Software 1

EUVD
added 2026/03/06 3:31 p.m. | 7 views

EUVD-2018-21636

Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system...

CVSS 8.7 | AI score 5.9 | EPSS 0.00632
Exploits 0 | References 3

RedhatCVE
added 2026/03/06 2:37 p.m. | 4 views

CVE-2026-27748

Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\ProgramData without validating whether the path resolves through a symbolic link or reparse...

CVSS 8.5 | AI score 5.9 | EPSS 0.00179
Exploits 0 | References 1