LibreNMS 安全漏洞

LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. There were security vulnerabilities in LibreNMS versions 24.10.0 to 26.1.1. These...

Cilium 安全漏洞

Cilium is an open-source software developed by Cilium contributors. It is used to provide and transparently protect network connections and load balancing between application workloads, such as application containers or processes. Versions of Cilium from 1.18.0 to 1.18.5 contain security...

uTLS 安全漏洞

uTLS is an open-source Go language codebase developed by Refraction Networking. Versions 1.6.0 to 1.8.0 of uTLS contain security vulnerabilities. These vulnerabilities stem from inconsistent password selection logic when using GREASE ECH, which may lead to fingerprint mismatches...

CVE-2026-26323 OpenClaw has a command injection in maintainer clawtributors updater

OpenClaw is a personal AI assistant. Versions 2026.1.8 through 2026.2.13 have a command injection in the maintainer/dev script scripts/update-clawtributors.ts. The issue affects contributors/maintainers or CI who run bun scripts/update-clawtributors.ts in a source checkout that contains a malicio...

ai.agentican:agentican-framework-core (>=0.1.0-alpha.1 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +4670 more potentially affected by CVE-2026-29062 via tools.jackson.core:jackson-core (>=3.0.0-rc1 <=3.1.0-rc1)

tools.jackson.core:jackson-core MAVEN version =3.0.0-rc1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.1, =0.1.2, =0.1.0, =0.1.0, =0.7.6, =0.7.17 and more Source cves:...

CVE-2025-8350

Execution After Redirect EAR, Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting. This issue affects BiEticaret CMS: from 2.1.13 through 19022026. NOTE: The vendor was contacted...

CVE-2025-9062

Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection. This issue affects Envanty: before 1.0.6. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The...

WordPress plugin Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin IDonate 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-20948

User Interface UI Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Director...

01os (>=0.0.5 <=0.0.13), 3m (>=0.1.0 <=0.1.3) +2018 more potentially affected by CVE-2026-27026 via pypdf (>=6.0.0 <=6.7.0)

pypdf PYPI version =6.0.0, =0.0.5, =0.1.0, =0.0.1, =0.4.1, =0.3.6, =0.2.5, =0.0.2, =0.2.0, =1.2.27, =0.1.0, =0.6.0, =1.2.32, =1.0.1, =0.2.5, =0.2.10 and more Source cves: CVE-2026-27026 Source advisory: SNYK:PYTHON-PYPDF-15309551...

01os (>=0.0.5 <=0.0.13), 3m (>=0.1.0 <=0.1.3) +2538 more potentially affected by CVE-2026-27024 via pypdf (>=3.10.0 <=6.7.0)

pypdf PYPI version =3.10.0, =0.0.5, =0.1.0, =0.0.1, =0.4.1, =0.3.6, =0.2.5, =0.0.2, =0.2.0, =1.2.27, =0.1.0, =0.6.0, =1.2.32, =2.0.2 and more Source cves: CVE-2026-27024 Source advisory: OSV:GHSA-996Q-PR4M-CVGQ...

@agentuity/evals (>=0.0.104 <=2.0.23), @agentuity/hono (>=3.0.0-alpha.0 <=3.0.0-beta.4) +347 more potentially affected by CVE-2026-26318 via systeminformation (>=5.0.6 <=5.30.8)

systeminformation NPM version =5.0.6, =0.0.104, =3.0.0-alpha.0, =0.0.6, =0.0.63, =0.0.2, =3.0.0-alpha.0, =0.1.1, =0.1.1, =4.1.0, =4.0.0-devnet.2-patch.0, =0.0.1-2.1-beta-provision, =0.0.0-test.0, =0.0.0-test.0, =0.0.0-test.0, =5.0.0-private.20260319 and more Source cves: CVE-2026-26318 Source...

CVE-2025-36019

IBM Concert 1.0.0 through 2.1.0 for Z hub framework is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2024-43178

IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-28462 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-28462 Source advisory: OSV:GHSA-GQ9C-WG68-GWJ2...

CVE-2025-7706

Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion.This issue affects Liderahenk: from 3.0.0 to 3.3.1 before 3.5.0...

CVE-2025-33088

IBM Concert Software (versions 1.0.0–2.1.0) contains a local privilege escalation flaw due to incorrect file permissions on critical resources, allowing a local user with architectural knowledge to elevate privileges. Root cause identified as improper permissions for sensitive files/resources. Af...

CVE-2025-33088

IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system's architecture to escalate their privileges due to incorrect file permissions for critical resources...

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-28450 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-28450 Source advisory: OSV:GHSA-MV9J-6XHH-G383...