Scraparr Information Disclosure Vulnerability
Scraparr is a Prometheus exporter for arr suites Sonarr, Radarr, Lidarr, etc. developed by TheCfU organization. Versions of Scraparr from 3.0.0-beta to 3.0.2 contained an information leakage vulnerability. This vulnerability occurred when the Readarr integration was enabled, as the exporter expos...
GitLab 13.2 < 18.4.5 / 18.5 < 18.5.3 / 18.6 < 18.6.1 (CVE-2025-13611)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with access to...
a-simple-llm-kit (>=0.3.0 <=0.4.2), a62-emotion (>=0.9.2 <=0.11.4) +3482 more potentially affected by CVE-2025-69872 via diskcache (>=2.4.1 <=5.6.3)
diskcache PYPI version =2.4.1, =0.3.0, =0.9.2, =0.1.0, =0.2.1, =0.1.1.dev1, =0.3.4, =0.1.1, =0.3.3, =0.0.2, =20260210.0.0, =20260212.0.0 and more Source cves: CVE-2025-69872 Source advisory: OSV:GHSA-W8V5-VHQR-4H9V...
CVE-2026-25990
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1...
CVE-2026-26003
FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This may cause the plugin system to crash and the loss of plugin installation status, but ...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +192 more potentially affected by CVE-2026-2366 via org.keycloak:keycloak-services (>=10.0.0 <=26.5.5)
org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...
Turboard Cross-Site Scripting Vulnerability
Turboard is a business intelligence data visualization and analysis platform developed by Turboard Inc. In versions 2025.07 to 11022026 of Turboard, there is a cross-site scripting vulnerability. This vulnerability stems from improper input during web page generation, which may lead to...
Logo j-Platform Security Vulnerability
Logo j-Platform is an enterprise resource planning platform developed by the Turkish company Logo. Versions of Logo j-Platform from 3.29.6.4 to 13112025 contain security vulnerabilities. These vulnerabilities stem from the insertion of sensitive information into externally accessible files or...
PT-2026-7591
Name of the Vulnerable Software and Affected Versions: Logo j-Platform versions 3.29.6.4 through 13112025. Description: An issue exists in Logo j-Platform that allows for the insertion of sensitive information into externally-accessible files or directories due to incorrectly configured access contr...
PT-2026-7525
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 18.4 through 18.6.5; GitLab CE/EE versions 18.7 through 18.7.3; GitLab CE/EE versions 18.8 through 18.8.3. Description: An unauthenticated user could potentially cause a denial of service by exhausting memory or CPU resources...
GHSA-X9VF-53Q3-CVX6 CASL Ability is Vulnerable to Prototype Pollution
CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability...
CVE-2026-1774 CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability.
CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability...
emmett (>=2.6.0 <=2.6.3), emmett55 (>=1.0.0 <=1.1.0) potentially affected by CVE-2026-25577 via emmett-core (>=1.0.5 <=1.2.0)
emmett-core PYPI version =1.0.5, =2.6.0, =1.0.0, =1.1.0 Source cves: CVE-2026-25577 Source advisory: OSV:GHSA-X6CR-MQ53-CC76...
be.fluid-it.guice.extensions:guice-multi-shiro-realms (=0.1-1), be.fluid-it.shiro.jee:shiro-jee-authc (>=0.1-1 <=0.1-3) +3103 more potentially affected by CVE-2026-23901 via org.apache.shiro:shiro-core (>=1.0.0-incubating <=2.0.6)
org.apache.shiro:shiro-core MAVEN version =1.0.0-incubating, =0.1-1, =4.0.0-RC2, =1.0.0, =1.0.0, =0.0.2, =0.0.21, =0.0.27, =0.0.2, =0.0.27, =0.0.1, =1.0.2, =1.0.0, =1.0.5 and more Source cves: CVE-2026-23901 Source advisory: OSV:GHSA-C4QC-4Q9P-M9Q9...
CVE-2025-66598
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports old SSL/TLS versions, potentially allowing an attacker to decrypt communications with the web server. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVR...
GHSA-C869-JX4C-Q5FC FUXA Unauthenticated Remote Arbitrary Scheduler Write
Summary: An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on actions. This vulnerability affects FUXA version 1.2.8 through version 1.2.10. This has been patch...
SUSE CVE-2026-25556
MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in `fz_fill_pixmap_from_display_list` when an exception occurs during display list rendering. The function accepts a caller-owned `fz_pixmap` pointer but incorrectly drops the pixmap in its error handling path before rethrowing the...
CASL Security Vulnerability
CASL is a JavaScript library developed by Serhii Stotskyi. Versions 2.4.0 to 6.7.4 of CASL contain security vulnerabilities, which stem from prototype pollution and may lead to logical errors or other attacks...
CVE-2026-25939 FUXA Unauthenticated Remote Arbitrary Scheduler Write
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. From 1.2.8 through version 1.2.10, an authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to create and modify arbitrary schedulers, exposing connected ICS/SCADA environments to follow-on...