1112 matches found
CVE-2026-39559
Unauthenticated Local File Inclusion in Uppercase 1.2.2 versions...
CVE-2026-27410
Unauthenticated Deserialization of untrusted data in Slimstat Analytics 5.4.0 versions...
CVE-2026-41280
CVE-2026-41280 affects Apache DolphinScheduler prior to 3.4.2. The issue is an Incorrect Authorization vulnerability where users with system login privileges can delete task definitions in unauthorized projects due to insufficient access controls. The documented impact is deletion of task definit...
CVE-2026-39446
The CVE-2026-39446 entry describes an unauthenticated PHP Object Injection in WordPress Kapee theme versions prior to 1.7.0. The root cause is a PHP object injection flaw in the Kapee theme’s code path, enabling an attacker with network access and no user interaction to trigger impact. Impact is ...
CVE-2025-69105
Technical details (affected versions beyond Modernee
NPM: hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice
NPM: hono: AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...
Langflow < 1.9.0 - Remote Code Execution
Langflow versions prior to 1.9.0 are vulnerable to unauthenticated remote code execution (RCE) via the buildpublictmp endpoint. Attackers can submit a manipulated flow JSON containing Python code that is executed during the build process without proper sandboxing. id: CVE-2026-33017 info: name:...
CVE-2026-48723
BrowserStack Cypress CLI prior to 1.36.4 is vulnerable to OS command injection via the cypress_config_file parameter in readCypressConfigUtil.js (loadJsFile()), which builds a shell command by interpolating cypress_config_filepath into a template literal and runs it with child_process.execSync()....
CVE-2026-10879 affecting package perl-DBI for versions less than 1.643-4
CVE-2026-10879 affecting package perl-DBI for versions less than 1.643-4. A patched version of the package is available...
CVE-2026-42013 affecting package gnutls for versions less than 3.8.13-1
CVE-2026-42013 affecting package gnutls for versions less than 3.8.13-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-11822 affecting package sqlite for versions less than 3.44.0-4
CVE-2026-11822 affecting package sqlite for versions less than 3.44.0-4. A patched version of the package is available...
CVE-2026-5222 affecting package rust for versions less than 1.75.0-30
CVE-2026-5222 affecting package rust for versions less than 1.75.0-30. A patched version of the package is available...
CVE-2026-54057 Kitty vulnerable to command injection via unsanitized OSC 21 query reply
Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue...
CVE-2026-45170
In Idira Privilege Cloud Connector versions prior to 1.1.100504, under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17...
Nimiq Data Forgery Vulnerability
Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq prior to 1.4.0 had a data manipulation vulnerability. This vulnerability stems from a logical flaw in the BlockInclusionProof::isblockproven function, causing it to return true without performing any...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...
Adobe CAI Content Credentials Path Traversal Vulnerability
Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc. in the United States. It offers capabilities for authenticating digital content sources and tracking editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1...