CLEANSTART-2026-HW19594 Within HostnameError
Multiple security vulnerabilities affect the helm package. Within HostnameError. See references for individual vulnerability details...
SPIP Unauthenticated Remote Code Execution / Insecure Deserialization
A remote code execution vulnerability was identified in SPIP due to improper handling of user-supplied serialized data. The application fails to properly validate or restrict unsafe object deserialization, allowing an attacker to supply crafted input that triggers unintended object instantiation...
Piwigo Security Vulnerability
Piwigo is a web-based open-source image library software developed by Piwigo contributors. This software includes features such as image management, image classification, and permission management. Versions of Piwigo starting from 15.5.0 and earlier, including 15.x, have security vulnerabilities...
Beyond Limits DocLink Code Issue Vulnerability
Beyond Limits DocLink is a document management and process automation software developed by the American company Beyond Limits. Version 4.0.336.0 of Beyond Limits DocLink contains a code vulnerability. This vulnerability stems from an insecure .NET Remoting endpoint that lacks authentication and h...
PT-2026-21651
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-15; ImageMagick versions prior to 6.9.13-40. Description: ImageMagick is software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crash can occur in the MSL...
Mozilla Firefox and Mozilla Thunderbird Resource Management Error Vulnerability
Mozilla Firefox and Mozilla Thunderbird are both products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla Application Suite. This software supports IMAP and POP email...
PT-2026-21590
Name of the Vulnerable Software and Affected Versions: free5GC SMF versions up to and including 1.4.1. Description: free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. The SMF component experiences a panic and terminates wh...
CVE-2024-58041 Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions
Smolder versions through 1.51 for Perl uses insecure rand function for cryptographic functions. Smolder 1.51 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Smolder::DB::Developer uses t...
DEBIAN-CVE-2025-61146
saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component mallocstub.c...
GHSA-QVHC-9V3J-5RFW vulnerabilities
Vulnerabilities for packages: dotnet...
Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. "Analysis of the recovered dropper, persistence triggers, and mining payload reveals a sophisticated,...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.8.4 release.
Red Hat Developer Hub 1.8.4 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
CVE-2025-59873
An information exposure vulnerability exists in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters. An attacker who gains access to any network log or operates a site linked from the...
CVE-2026-2897
A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of the argument Value leads to cross site scripting. The attack is possible to be...
HCL Software ZIE for Web Security Vulnerability
HCL Software ZIE for Web is a terminal emulation software developed by the Indian company HCL. Version HCL Software ZIE for Web v16 contains a security vulnerability. This vulnerability stems from the application transmitting sensitive session tokens and authentication identifiers through URL que...
PT-2026-21518
Name of the Vulnerable Software and Affected Versions: UTT HiPER 810G versions up to 1.7.7-171114. Description: A buffer overflow issue exists in UTT HiPER 810G due to the manipulation of the except argument within the strcpy function located in the file /goform/formP2PLimitConfig. Remote exploitati...
munge security update
0.5.15-11 - Fix CVE-2026-25506...
On the Variability of Source Code in Maven Package Rebuilds
Rebuilding packages from open source is a common practice to improve the security of software supply chains, and is now done at an industrial scale. The basic principle is to acquire the source code used to build a package published in a repository such as Maven Central for Java, rebuild the...
CVE-2025-10970
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection. This issue affects Talentics: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
CVE-2026-27492 Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused
Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...