
39 matches found

CVE
added 2026/05/21 7:34 a.m., 11 views

CVE-2026-44068

CVE-2026-44068 affects Netatalk 2.1.0–4.4.2. The issue is an incomplete sanitization of extended attribute (EA) path components, enabling path traversal. A fix is available in Netatalk 4.4.3 (and later). The NVD entry notes a CVSSv3.1 base score of 7.6 (HIGH) with network vector, low attack compl...

7.6 CVSS, 5.8 AI score, 0.00168 EPSS
Exploits: 0, References: 1
EUVD
added 2026/05/08 10:56 p.m., 4 views

EUVD-2026-28864

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands execute...

9.9 CVSS, 6 AI score, 0.00083 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/05/08 10:56 p.m., 3 views

CVE-2026-42454 Termix: OS Command Injection in Docker Container Management Endpoints

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands execute...

9.9 CVSS, 6 AI score, 0.00083 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/05/08 10:56 p.m., 25 views

CVE-2026-42454 Termix: OS Command Injection in Docker Container Management Endpoints

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands execute...

9.9 CVSS, 0.00083 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/05/08 12:0 a.m., 5 views

PT-2026-39219

Name of the Vulnerable Software and Affected Versions: Termix versions prior to 2.1.0. Description: Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. The 'extractArchive' and 'compressFiles' endpoints in file-manager.ts use double-quot...

8.7 CVSS, 5.8 AI score, 0.00348 EPSS
Exploits: 0, References: 4
ATTACKERKB
added 2026/04/29 12:0 a.m., 0 views

CVE-2026-30769

An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests...

5.2 AI score, 0.0001 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/03/11 12:0 a.m., 2 views

WordPress plugin Happy Addons for Elementor security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

5.4 CVSS, 5.8 AI score, 0.00047 EPSS
Exploits: 0, References: 6
OSV
added 2026/02/09 12:30 p.m., 1 views

GHSA-C244-P6M5-VQJ6 Apache Shiro has an Authentication Bypass

Impact: Authentication Bypass. A vulnerability exists in Apache Shiro that allows authentication bypass for static files when served from a case-insensitive filesystem such as the default configuration on macOS or Windows. The issue arises when Shiro's URL filters are configured with lower-case...

5.3 CVSS, 5.8 AI score, 0.00102 EPSS
Exploits: 0, References: 5
Patchstack
added 2026/01/16 11:46 p.m., 3 views

WordPress Spin Wheel plugin <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter vulnerability

Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter vulnerability discovered by jsonc in WordPress Plugin Spin Wheel versions <= 2.1.0...

5.3 CVSS, 7 AI score, 0.001 EPSS
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2026/01/15 8:24 p.m., 6 views

CVE-2026-21912 Junos OS: MX10k Series: 'show system firmware' CLI command may lead to LC480 or LC2101 line card reset

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to...

6.8 CVSS, 6.8 AI score, 0.00006 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/01/01 12:0 a.m., 2 views

PT-2026-3460

Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.21.0. Description: The issue is a buffer overflow in the Glyph Alloc function of the FreeRDP Remote Desktop Protocol client. The FastGlyph parsing component trusts the cbData/remaining length and does not validate it...

9.8 CVSS, 7.2 AI score, 0.06359 EPSS
Exploits: 38, References: 231
RedhatCVE
added 2025/12/27 2:46 p.m., 1 views

CVE-2025-64645

IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link...

7.7 CVSS, 6.5 AI score, 0.00003 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/12/09 12:0 a.m., 2 views

IBM Planning Analytics Local security vulnerability

IBM Planning Analytics Local is a web-based local architecture from International Business Machines (IBM). A security vulnerability exists in IBM Planning Analytics Local versions 2.1.0 through 2.1.15, which stems from the disclosure of server architecture information and could facilitate further...

4.3 CVSS, 5.8 AI score, 0.0003 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2025/11/08 7:41 a.m., 2 views

CVE-2025-64323

kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend...

5.3 CVSS, 6.8 AI score, 0.00018 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/21 8:3 p.m., 2 views

EUVD-2025-35253

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: REST WebServices. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager...

9.8 CVSS, 6.6 AI score, 0.87828 EPSS
Exploits: 1, References: 1
IBM Security Bulletins
added 2025/10/16 2:46 p.m., 2 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable to Information Disclosure (CVE-2025-36002)

Summary: IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure vulnerability. Vulnerability Details: CVEID: CVE-2025-36002. DESCRIPTION: IBM Sterling B2B Integrator stores user credentials in configuration files which can be read by a local user...

5.5 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits: 0, Affected Software: 1
EUVD
added 2025/10/11 9:30 a.m., 1 views

EUVD-2025-33817

The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the /admin/inc/phpinfo.php file that gets created on install. This makes it possible for...

5.3 CVSS, 5.5 AI score, 0.00475 EPSS
Exploits: 1, References: 3
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-25505

Malicious code in bioql PyPI...

6.3 AI score, 0.00045 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/09/30 12:0 a.m., 1 views

IBM Planning Analytics Local security vulnerability

IBM Planning Analytics Local is a web-based local architecture from International Business Machines (IBM). A security vulnerability exists in IBM Planning Analytics Local versions 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13, which stems from improper input validation and could result in...

4.9 CVSS, 4.4 AI score, 0.00061 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/09/19 8:37 p.m., 5 views

CVE-2025-59350

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...

6.9 CVSS, 7 AI score, 0.0015 EPSS
Exploits: 0, References: 1