137 matches found
CVE-2026-46400
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attacker...
GHSA-Q4WQ-4WHJ-CXHX vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9, openjdk-26-openj9, openjdk-21-openj9, openjdk-11-openj9...
GHSA-75HH-423H-RVWG vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9, openjdk-26-openj9, openjdk-21-openj9, openjdk-11-openj9, openjdk...
CVE-2026-34268 vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9, openjdk-26-openj9, openjdk-21-openj9, openjdk-11-openj9, openjdk...
GHSA-5FXQ-F64V-57FQ vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9, openjdk-26-openj9, openjdk-21-openj9, openjdk-11-openj9...
GHSA-99RJ-3595-5FRJ vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9, openjdk-26-openj9, openjdk-21-openj9, openjdk-11-openj9...
CVE-2025-10911 vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-17-openj9, openjdk-8-openj9, openjdk-26-openj9, openjdk-21-openj9, openjdk-11-openj9...
CVE-2026-46400 HAXCMS PHP has a File Upload Validation Bypass
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attacker...
CVE-2026-26378
A cross-site scripting vulnerability in Koha 25.11 and earlier allows a remote attacker to execute arbitrary code via the file upload function in the Invoice features...
Seagate openSeaChest security vulnerability
Seagate openSeaChest is a set of cross-platform storage device management tools developed by Seagate Corporation. Seagate openSeaChest v25.05.3 contains a security vulnerability. This vulnerability stems from out-of-bounds write and read operations during the --showSCSIDefects...
CVE-2026-34643
CVE-2026-34643 affects Adobe After Effects versions 26.0, 25.6.4 and earlier with an out-of-bounds write (CWE-787) that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malicious file. The entry provides CVSS ...
EUVD-2026-26842
A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 25.2 R3...
CVE-2026-7703 AV Stumpfl Pixera Two Media Server Websocket API code injection
A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...
AV Stumpfl Pixera Two Media Server path traversal vulnerability
The AV Stumpfl Pixera Two Media Server is a professional media server system developed by the Austrian company AV Stumpfl. Versions of the AV Stumpfl Pixera Two Media Server 25.1 R2 and earlier contained a path traversal vulnerability. This vulnerability originated from an unknown function in the...
CVE-2026-41492 Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars in Dgraph
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraph exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can...
CVE-2025-70420
A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated attacker to execute arbitrary SQL queries against the backend database. The vulnerability is caused by unsanitized user-supplied input being concatenated directly into SQL statements...
CVE-2026-22008
Vulnerability in Oracle Java SE component: Libraries. The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this...
CVE-2025-70420
...
EUVD-2026-23117
Dgraph: Unauthenticated /debug/pprof/cmdline discloses admin auth token, enabling unauthorized access to protected Alpha admin endpoints...
CVE-2025-15610
The .NET Remoting framework used by OpenText Fax RightFax includes known security vulnerabilities that could be exploited if the service is exposed in environments where the remoting ports are accessible...