4564 matches found
CVE-2026-1698
CVE-2026-1698 affects PcVue WebClient and WebScheduler web apps (versions 15.0.0–16.3.3). An HTTP Host header vulnerability could let an attacker craft requests that influence server-side behavior, specifically targeting endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCal...
CVE-2026-1697
The Secure and SameSite attributes are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included...
CVE-2026-1695
An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user...
CVE-2026-27609
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submit...
@budibase/server (>=3.32.1 <=3.38.1), @builders-of-stuff/svelte-sui-wallet-adapter (>=0.6.6 <=2.1.0) +56 more potentially affected by CVE-2026-27901 via svelte (>=5.0.0-next.1 <=5.53.3)
svelte NPM version =5.0.0-next.1, =3.32.1, =0.6.6, =4.0.0-alpha.1, =4.0.0-alpha.1, =0.1.0, =0.0.1, =1.3.0, =0.1.4, =0.0.20, =0.15.0, =1.1.0-beta.0, =5.0.0-next.80, =0.1.1-alpha.24, =0.1.3-next.2 and more Source cves: CVE-2026-27901 Source advisory: SNYK:JS-SVELTE-15353449...
@asherng/storybook (>=0.0.18 <=0.1.14), @bluefin-exchange/starship-v2 (>=1.1.1 <=1.1.16) +32 more potentially affected by CVE-2026-27148 via storybook (>=7.0.12 <=7.6.20)
storybook NPM version =7.0.12, =0.0.18, =1.1.1, =0.0.1, =0.0.4, =1.2.108, =3.50.0-next.2, =9.0.0-next.4, =1.0.967, =0.0.1, =1.0.0, =1.2.2, =0.0.1, =0.0.1, =7.6.4-next.32, =6.0.0-canary.234, =6.0.0-canary.318 and more Source cves: CVE-2026-27148 Source advisory: SNYK:JS-STORYBOOK-15353401...
PcVue Security Vulnerability
PcVue is a reliable, secure, and powerful operational software platform developed by PcVue Corporation. It is specifically designed for monitoring and controlling applications in industries such as building management and park management. Versions 12.0.0 to 16.3.3 of PcVue contain security...
Unitree Go2 Data Forgery Vulnerability
The Unitree Go2 is a robotic dog developed by the Chinese company Unitree. In versions 1.1.7 to 1.1.11 of Unitree Go2, there is a vulnerability related to data manipulation. This vulnerability stems from the lack of integrity protection and verification of user-created programs, which may lead to...
PT-2026-22129
Name of the Vulnerable Software and Affected Versions: PcVue versions 12.0.0 through 16.3.3. Description: The Secure and SameSite attributes are missing in the GraphicalData web services and WebClient web app. This could potentially allow for certain attacks related to cookie handling. Recommendatio...
CVE-2025-50857
ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload...
@adel-t/angular-ssr (>=1.0.0 <=1.0.2), @angularexpert/my-workspace (=0.0.0) +62 more potentially affected by CVE-2026-27739 via @angular/ssr (>=17.0.5 <=19.2.19)
@angular/ssr NPM version =17.0.5, =1.0.0, =3.1.1-0, =1.0.0, =0.0.1, =0.0.1, =19.3.0, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.20, =0.1.0, =0.2.0 - @quest-poc/my-angular-app =0.0.0 and more Source cves: CVE-2026-27739 Source advisory: OSV:GHSA-X288-3778-4HHX...
@angular-devkit/build-angular (>=21.2.0-next.0 <=21.2.0-next.2) potentially affected by CVE-2026-27739 via @angular/build (>=21.2.0-next.0 <=21.2.0-next.2)
@angular/build NPM version =21.2.0-next.0, =21.2.0-next.0, =21.2.0-next.2 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARBUILD-15357312...
@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by CVE-2026-27495 via n8n (>=0.138.0 <=0.93.0)
n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: CVE-2026-27495 Source advisory: OSV:GHSA-JJPJ-P2WH-QF23...
CVE-2026-3172
Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server...
CVE-2025-14103
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions...
EUVD-2026-8593
Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions...
CVE-2026-25554 OpenSIPS 3.1 <= 3.6.4 auth_jwt SQL Injection Enables JWT Authentication Bypass
OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwtdbauthorize function in modules/auth_jwt/authorize.c when dbmode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...
1k-tasks (>=4.0.0 <=4.2.2), @adobe/helix-deploy (>=9.3.8 <=9.3.16) +400 more potentially affected by CVE-2026-27606 via rollup (>=4.0.2 <=4.58.0)
rollup NPM version =4.0.2, =4.0.0, =9.3.8, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.3.0, =2.17.15, =1.0.4, =1.9.12, =2.0.4, =2.0.4, =2.0.4, =2.0.5 and more Source cves: CVE-2026-27606 Source advisory: SNYK:JS-ROLLUP-15340920...
CVE-2026-27609 Parse Dashboard Missing CSRF Protection on Agent Endpoint
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submit...
PT-2026-21831
Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager, Hitachi Device Manager allows Session Hijacking. This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.5-00; Hitachi Configuration Manager: from...