
6 matches found

Positive Technologies
added 2026/04/08 12:0 a.m., 2 views

PT-2026-31458

Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 4.5.115. Description: A flaw exists in PraisonAI where user input from agent.start is directly passed into template-rendering tools like acp create file without proper escaping. This allows execution of template...

CVSS 8.8 | AI score 6.2 | EPSS 0.00558
Exploits: 1 | References: 7
Positive Technologies
added 2026/04/07 12:0 a.m., 4 views

PT-2026-30957

ChurchCRM is an open-source church management system. Prior to 7.1.0, the FindFundRaiser.php endpoint reflects user-supplied input DateStart and DateEnd into HTML input field attributes without proper output encoding for the HTML attribute context. An authenticated attacker can craft a malicious U...

CVSS 8.7 | AI score 6 | EPSS 0.00215
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 5:19 a.m., 3 views

CVE-2023-21262

In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation...

CVSS 3.1 | AI score 6.6 | EPSS 0.00131
Exploits: 0 | References: 1
Snyk
added 2025/05/14 6:44 p.m., 3 views

Division by zero

Overview: Affected versions of this package are vulnerable to Division by zero via the startinputtga function in rdtarga.c. An attacker can cause a denial of service by sending an image with a zero width or height, resulting in a SIGFPE. Remediation: A fix was pushed into the master branch but not...

CVSS 8.7 | AI score 6.8 | EPSS 0.00392
Exploits: 0 | References: 2
OSV
added 2023/07/13 12:15 a.m., 3 views

CVE-2023-21262

In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation...

CVSS 3.1 | AI score 5.8 | EPSS 0.00131
Exploits: 0 | References: 2
BDU FSTEC
added 2021/03/15 12:0 a.m., 6 views

The vulnerability of the `start_input_ppm` function in the rdppm.c library used for image processing in libjpeg-turbo, related to reading beyond the buffer data’s allowable limits, allows attackers to gain access to confidential data and cause service failures.

The vulnerability of the `start_input_ppm` function in the rdppm.c library used for working with images in libjpeg-turbo is related to reading data beyond the buffer’s acceptable limits. Exploiting this vulnerability could allow a remote attacker to gain access to confidential data and also cause...

CVSS 8.1 | AI score 6.7 | EPSS 0.03178
Exploits: 1 | References: 16 | Affected Software: 8