Lucene search

125 matches found

RedhatCVE
added 2026/05/15 7:57 p.m. | 10 views

CVE-2026-31220

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...

9.8 CVSS | 6.7 AI score | 0.00631 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/05/12 6:30 p.m. | 11 views

EUVD-2026-29504

PySyft Syft Datasite/Server versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions via @sy.syftfunction for remote execution on the server. While a...

6.7 AI score | 0.00631 EPSS
Exploits: 0 | References: 3
AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A NULL pointer dereference flaw was discovered in the az6027 driver, located in the file drivers/media/usb/dev-usb/az6027.c within the Linux Kernel. The message from the user space is not properly checked before being transferred to the device. This flaw could allow a local user to crash the syst...

5.5 CVSS | 6.2 AI score | 0.00226 EPSS
Exploits: 0 | References: 2
NVD
added 2026/04/17 10:16 p.m. | 5 views

CVE-2026-40477

Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly...

9 CVSS | 0.00649 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/03/10 6:31 p.m. | 5 views

EUVD-2026-10447

The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protection mechanisms. Access to this data, combined with user-initiated interaction, may allow modifications to occur without validation. Such changes coul...

5.6 CVSS | 5.8 AI score | 0.00087 EPSS
Exploits: 0 | References: 3
CVE
added 2026/03/02 12:0 a.m. | 13 views

CVE-2026-24112

CVE-2026-24112 affects Tenda W20E V4.0br_V15.11.0.6. The issue is a buffer overflow in addWewifiWhiteUser caused by processing the userInfo parameter with sscanf without size validation. Impact across confidentiality, integrity, and availability is described in sources; some documents note potent...

9.8 CVSS | 6.2 AI score | 0.00531 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
ATTACKERKB
added 2026/03/02 12:0 a.m. | 3 views

CVE-2026-24112

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addWewifiWhiteUser function and processed by sscanf without size validation, it could lead to a buffer overflow vulnerability...

9.8 CVSS | 6.2 AI score | 0.00531 EPSS
Exploits: 1 | References: 3
Positive Technologies
added 2026/02/13 12:0 a.m. | 6 views

PT-2026-8225

CVE-2026-26249 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2026-26249 Published : Feb. 13, 2026, 4:15 a.m. | 3 hours, 16 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5 AI score
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/11 12:0 a.m. | 5 views

PT-2026-7977

CVE-2026-26039 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2026-26039 Published : Feb. 11, 2026, 5:16 a.m. | 2 hours, 4 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5 AI score
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/10 12:0 a.m. | 2 views

PT-2026-7824

CVE-2026-25977 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2026-25977 Published : Feb. 10, 2026, 5:16 a.m. | 1 hour, 59 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.5 AI score
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/20 12:0 a.m. | 5 views

PT-2026-4336

CVE-2026-23915 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2026-23915 Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

5.4 AI score
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/06 12:0 a.m. | 8 views

PT-2026-2098

CVE-2026-21748 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2026-21748 Published : Jan. 6, 2026, 4:15 a.m. | 1 hour, 39 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

7 AI score
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/03 12:0 a.m. | 4 views

PT-2026-1218

CVE-2026-21645 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2026-21645 Published : Jan. 3, 2026, 4:15 a.m. | 3 hours, 20 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

7 AI score
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/17 12:0 a.m. | 5 views

PT-2025-52482

CVE-2025-14828 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-14828 Published : Dec. 17, 2025, 7:16 p.m. | 48 minutes ago Description : Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in th...

7 AI score
Exploits: 0 | References: 1
Zero Day Initiative
added 2025/12/16 12:0 a.m. | 4 views

Fortinet FortiSandbox hcproxy Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fortinet FortiSandbox. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the handling of HA cluster paths. The issue results from the lack of proper...

5.5 CVSS | 7.8 AI score | 0.0543 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/10 12:0 a.m. | 6 views

PT-2025-50928

CVE-2025-67608 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-67608 Published : Dec. 10, 2025, 4:15 a.m. | 49 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

7 AI score
Exploits: 0 | References: 1
CNNVD
added 2025/11/17 12:0 a.m. | 4 views

Kashipara Responsive School Management System security vulnerability

Kashipara Responsive School Management System is a school management system from Kashipara. A security vulnerability exists in Kashipara Responsive School Management System version 1.0, which stems from unvalidated formuser and formpassword parameters in adminLogin.php, which could lead to a...

6.1 CVSS | 6.1 AI score | 0.00192 EPSS
Exploits: 1 | References: 3
Positive Technologies
added 2025/11/15 12:0 a.m. | 5 views

PT-2025-47099

CVE-2025-65067 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-65067 Published : Nov. 15, 2025, 4:15 a.m. | 58 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

6.4 AI score
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/06 12:0 a.m. | 3 views

PT-2025-45535

CVE-2025-64476 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2025-64476 Published : Nov. 6, 2025, 4:15 a.m. | 3 hours, 33 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

6.4 AI score
Exploits: 0 | References: 1
CNNVD
added 2025/10/26 12:0 a.m. | 3 views

WordPress plugin Tutor LMS Pro security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...

5.4 CVSS | 6.4 AI score | 0.00161 EPSS
Exploits: 0 | References: 1