PT-2026-43121

Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module...

CVE-2026-43916

Summary: pam_authnft is affected by a heap buffer over-read in peer_lookup_tcp (src/peer_lookup.c:134) that could allow a crafted NETLINK_SOCK_DIAG reply to bypass the message-size check and dereference past the end of the allocation. This vulnerability exists prior to version 0.2.0-alpha and is ...

parcel 安全漏洞

parcel is a zero-configuration build tool for the web from Parcel open source. A security vulnerability exists in parcel 2.0.0-alpha and earlier versions, which stems from a source validation error that allows a malicious website to send XMLHTTPRequests to the development server and read the...

AI Playground Software Advisory

Summary: A potential security vulnerability for some AI Playground software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-27559 Description: Incorrect default permissions for some AI Playgrou...

WordPress plugin GHActivity 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...