
20 matches found

ATTACKERKB
added 2026/04/30 10:0 p.m. · 0 views

CVE-2026-7505

A flaw has been found in nextlevelbuilder GoClaw and GoClaw Lite up to 3.8.5. This affects an unknown function of the component RPC Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading to version...

CVSS 7.5 · AI score 5 · EPSS 0.00024
Exploits: 0 · References: 8 · Affected Software: 2

SUSE CVE
added 2026/03/31 11:29 p.m. · 3 views

SUSE CVE-2026-4046

The iconv function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by removing the IBM1390 and...

CVSS 7.5 · AI score 5.8 · EPSS 0.0008
Exploits: 1 · References: 18

RedhatCVE
added 2026/03/26 3:8 p.m. · 4 views

CVE-2026-33332

NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.add_media_file and app.add_media_files media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without...

CVSS 7.5 · AI score 5.7 · EPSS 0.0004
Exploits: 0 · References: 1

Positive Technologies
added 2026/03/13 12:0 a.m. · 1 views

PT-2026-25220

Missing Authorization vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMS Alert Order Notifications: from n/a through <= 3.9.0...

AI score 5.8 · EPSS 0.00053
Exploits: 0 · References: 3

Cvelist
added 2025/12/28 7:32 a.m. · 16 views

CVE-2025-15126 JeecgBoot getPositionUserList improper authorization

A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the argument positionId causes improper authorization. The attack may be initiated remotely. The complexi...

CVSS 3.1 · EPSS 0.00024
Exploits: 1 · References: 4

EUVD
added 2025/12/28 6:31 a.m. · 2 views

EUVD-2025-205492

A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The vendor was contacted early about this disclosure bu...

CVSS 4.8 · AI score 5.9 · EPSS 0.00029
Exploits: 1 · References: 5

Vulnrichment
added 2025/12/28 4:2 a.m. · 1 views

CVE-2025-15120 JeecgBoot getDeptRoleList improper authorization

A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. This manipulation of the argument departId causes improper authorization. The attack is possible to be carried out remotely. A high degree of complexity is need...

CVSS 3.1 · AI score 5.9 · EPSS 0.00021
Exploits: 1 · References: 4

Cvelist
added 2025/12/24 1:10 p.m. · 26 views

CVE-2025-68571 WordPress SALESmanago plugin <= 3.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in SALESmanago SALESmanago & Leadoo salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SALESmanago & Leadoo: from n/a through <= 3.9.0...

CVSS 5.3 · EPSS 0.00038
Exploits: 0 · References: 1

Positive Technologies
added 2025/12/24 12:0 a.m. · 0 views

PT-2025-53259

Missing Authorization vulnerability in SALESmanago SALESmanago salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SALESmanago: from n/a through <= 3.9.0...

CVSS 8.8 · AI score 7 · EPSS 0.00038
Exploits: 0 · References: 2

EUVD
added 2025/11/26 6:2 a.m. · 3 views

EUVD-2025-199708

Out-of-bounds Read vulnerability in ASR1903, ASR3901 in ASR LapwingLinux on Linux nrfw modules. This vulnerability is associated with program files Code/nrfw/DLP/src/NrCgi.C. This issue affects LapwingLinux: before 2025/11/26...

CVSS 7.4 · AI score 6.4 · EPSS 0.00053
Exploits: 0 · References: 2

OSV
added 2025/08/25 2:15 p.m. · 1 views

UBUNTU-CVE-2025-53557

A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch 35a819fa. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 9.8 · AI score 6.3 · EPSS 0.00479
Exploits: 1 · References: 4

Talos
added 2025/08/25 12:0 a.m. · 2 views

The Biosig Project libbiosig MFER Tag 3 null write stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2025-2236: The Biosig Project libbiosig MFER Tag 3 null write stack-based buffer overflow vulnerability. August 25, 2025. CVE Number: CVE-2025-46411. Summary: A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project...

CVSS 9.8 · AI score 7.2 · EPSS 0.00361
Exploits: 1

Positive Technologies
added 2025/02/06 12:0 a.m. · 4 views

PT-2025-5884 · Mindskip · Mindskip Xzs-Mysql 学之思开源考试系统

Name of the Vulnerable Software and Affected Versions: Mindskip xzs-mysql 学之思开源考试系统 version 3.9.0 Description: A problematic issue was found in the CORS Handler component, leading to a permissive cross-domain policy with untrusted domains. The attack can be launched remotely, but the complexity i...

CVSS 3.1 · AI score 7.1 · EPSS 0.00153
Exploits: 1 · References: 8

Positive Technologies
added 2025/01/01 12:0 a.m. · 2 views

PT-2025-34630 · Libbiosig +1 · Libbiosig +1

Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 and Master Branch 35a819fa Description: A heap-based buffer overflow exists in the MFER parsing functionality. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious fi...

CVSS 9.8 · AI score 7.2 · EPSS 0.00479
Exploits: 1 · References: 9

CNNVD
added 2024/01/05 12:0 a.m. · 3 views

Man Group D-Tale Code Issue Vulnerability

Man Group D-Tale is a pandas data structure visualization tool from Man Group. A code issue vulnerability exists in Man Group D-Tale versions prior to 3.9.0. An attacker could exploit the vulnerability to gain access to files on the server...

CVSS 7.5 · AI score 7.1 · EPSS 0.00407
Exploits: 0 · References: 4

CNNVD
added 2023/11/30 12:0 a.m. · 1 views

aiohttp Security Vulnerabilities

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. A security vulnerability exists in aiohttp versions prior to 3.9.0, which stems from incorrect authentication that allows an attacker to modify an HTTP request or create a new HTTP request while the attack...

CVSS 7.2 · AI score 6.9 · EPSS 0.0047
Exploits: 1 · References: 5

OSV
added 2023/11/12 10:15 p.m. · 2 views

CVE-2023-28696

Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend This allows Cross Site Request Forgery. This issue affects I Recommend This: from n/a through 3.9.0...

CVSS 8.8 · AI score 7.3
Exploits: 0 · References: 1

OSV
added 2023/06/30 8:33 p.m. · 2 views

GHSA-4VVM-4W3V-6MR8 pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a character

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if parsecontentstream is executed. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the...

CVSS 6.2 · AI score 5.8 · EPSS 0.00094
Exploits: 1 · References: 7

CNNVD
added 2021/01/26 12:0 a.m. · 1 views

Rocket.Chat Cross-Site Scripting Vulnerability

Rocket.Chat is an open source team chat software. A cross-site scripting vulnerability exists in Rocket.Chat server versions prior to 3.9.0, which stems from the drag-and-drop functionality being susceptible to XSS attacks. No details of the vulnerability are available at this time...

CVSS 5.4 · AI score 5.9 · EPSS 0.00322
Exploits: 1 · References: 3

OSV
added 2020/09/24 6:15 p.m. · 1 views

CVE-2020-12815

An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields...

CVSS 5.4 · AI score 5.8 · EPSS 0.0018
Exploits: 0 · References: 1