4 matches found
CVE-2026-7584
The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...
EUVD-2026-22207
PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py importtoolsfromfile, toolresolver.py loadlocaltools, and CLI...
GO-2025-3911 Mattermost has Potential Server Crash due to Unvalidated Import Data in github.com/mattermost/mattermost-server
Mattermost has Potential Server Crash due to Unvalidated Import Data in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
ActFax Server Security Vulnerability
ActFax Server is a fax server software from ActFax Austria. A security vulnerability exists in ActFax Server version 4.32, which originates from an unvalidated .exp file field length in the Import User function, and could lead to a stack buffer overflow and arbitrary code execution...