4559 matches found

vulnersOsv
added 2026/05/08 12:0 a.m. | 4 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +62 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-openai (>=1.1.0-M1 <=1.1.5)

org.springframework.ai:spring-ai-openai MAVEN version =1.1.0-M1, =0.1.0, =0.1.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.6.0, =1.21.2, =1.1.0.0, =1.1.0.0, =1.1.2.3 and more Source cves: CVE-2026-41712 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16624639...

CVSS 7.5 | AI score 5.4 | EPSS 0.0026
Exploits 0

CNNVD
added 2026/05/08 12:0 a.m. | 8 views

dataspace-portal security vulnerability

Dataspace-portal is an open-source data space management portal developed by Sovity. Versions of Dataspace-portal from 2.1.1 to 7.3.2 had security vulnerabilities, which were caused by insufficient authorization for self-registered “PENDING” organization/user accounts...

CVSS 10 | AI score 5.8 | EPSS 0.00249
Exploits 0 | References 1

CNNVD
added 2026/05/08 12:0 a.m. | 6 views

Nuclei access control error vulnerability

Nuclei is a fast-customizable vulnerability scanner based on simple YAML, open-sourced by ProjectDiscovery. In versions 3.0.0 to 3.8.0 of Nuclei, there was an access control vulnerability. This vulnerability stemmed from the JavaScript protocol’s runtime feature, which allowed reading of local.js...

CVSS 5.5 | AI score 5.8 | EPSS 0.00114
Exploits 0 | References 1

CNNVD
added 2026/05/08 12:0 a.m. | 7 views

dash-uploader resource management error vulnerability

dash-uploader is a file upload component developed by Niko Föhr for Dash applications. Versions 0.1.0 to 0.7.0a2 of dash-uploader contain resource management vulnerabilities. These vulnerabilities originate from the Upload function in dash_uploader/httprequesthandler.py, the maxfilesize parameter ...

CVSS 7.5 | AI score 6.1 | EPSS 0.02643
Exploits 5 | References 1

CNNVD
added 2026/05/08 12:0 a.m. | 6 views

Absinthe security vulnerability

Absinthe is an open-source GraphQL implementation framework based on Elixir. Versions of Absinthe from 1.2.0 to 1.10.2 contained security vulnerabilities. These vulnerabilities were due to a quadratic algorithm complexity issue in the uniqueness validation of fragment names, which could lead to...

CVSS 8.7 | AI score 5.8 | EPSS 0.00624
Exploits 1 | References 1

CNNVD
added 2026/05/08 12:0 a.m. | 5 views

FastGPT access control error vulnerability

FastGPT is an open-source knowledge base question-answering system based on large language models, developed by Labring. In versions 4.14.10 to 4.14.13 of FastGPT, there was an access control vulnerability. This vulnerability stemmed from the agent-sandbox component’s startup script using the...

CVSS 9.8 | AI score 5.8 | EPSS 0.00718
Exploits 0 | References 2

CNNVD
added 2026/05/08 12:0 a.m. | 5 views

Gitroom Postiz code issue vulnerability

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz from 2.16.6 to 2.21.7 contained code vulnerabilities. These vulnerabilities were caused by a TOCTOU vulnerability in the SSRF protection mechanism, which could allow attackers to redirec...

CVSS 6.5 | AI score 5.9 | EPSS 0.00224
Exploits 0 | References 1

Positive Technologies
added 2026/05/08 12:0 a.m. | 7 views

PT-2026-39009

Name of the Vulnerable Software and Affected Versions: fohrloop dash-uploader versions 0.1.0 through 0.7.0a2. Description: A remote attacker can execute arbitrary code through the Upload function and the max file size parameter within the dash_uploader/httprequesthandler.py, dash_uploader/upload.py,...

CVSS 7.8 | AI score 6.1 | EPSS 0.02643
Exploits 5 | References 17

Positive Technologies
added 2026/05/08 12:0 a.m. | 8 views

PT-2026-39147

Name of the Vulnerable Software and Affected Versions: absinthe plug versions 1.2.0 through 1.10.1. Description: Reflected cross-site scripting is possible via the GraphiQL interface. The js escape/1 function in lib/absinthe/plug/graphiql.ex fails to escape backslashes when processing the query GET...

CVSS 2.3 | AI score 5.9 | EPSS 0.00282
Exploits 0 | References 11

CVE
added 2026/05/08 12:0 a.m. | 9 views

CVE-2026-38360

CVE-2026-38360 affects fohrloop dash-uploader, with directory traversal in dash_uploader/httprequesthandler.py affecting versions 0.1.0 through 0.7.0a2. The vulnerability arises from unvalidated user-supplied values used in get_temp_root (upload_id), resumableFilename, and resumableIdentifier, wh...

CVSS 9.8 | AI score 6 | EPSS 0.05982
Exploits 4 | References 8

CVE
added 2026/05/08 12:0 a.m. | 32 views

CVE-2024-27686

CVE-2024-27686 affects MikroTik RouterOS on x86, with versions 6.40.5 through 6.49.10 vulnerable to remote denial of service via specially crafted SMB data on TCP port 445; 6.49.10 is among the tested ranges and the fix is in version 7. The root cause involves handling of SMB requests that can cr...

CVSS 7.5 | AI score 5.8 | EPSS 0.00591
Exploits 7 | References 2

ATTACKERKB
added 2026/05/07 1:28 p.m. | 4 views

CVE-2026-41554

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

CVSS 7.1 | AI score 5.8 | EPSS 0.00142
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2026/05/07 1:13 p.m. | 4 views

CVE-2025-14341 Input Data Manipulation in DivvyDrive Information Technologies' DivvyDrive

Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...

CVSS 8.3 | AI score 5.8 | EPSS 0.00221
Exploits 0 | References 1

CVE
added 2026/05/07 12:54 p.m. | 14 views

CVE-2026-5784

The CVE-2026-5784 entry concerns DivvyDrive Information Technologies’ DivvyDrive product. It describes a Stored XSS vulnerability caused by improper neutralization of input during web page generation, affecting DivvyDrive versions 4.8.2.9 up to (and including) 4.8.3.1, with the issue fixed in 4.8...

CVSS 8.8 | AI score 5.8 | EPSS 0.00327
Exploits 0 | References 1

Vulnrichment
added 2026/05/07 12:50 p.m. | 5 views

CVE-2026-6002 HTML Injection in DivvyDrive Information Technologies' DivvyDrive

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

CVSS 8.8 | AI score 5.8 | EPSS 0.00327
Exploits 0 | References 1

CVE
added 2026/05/07 11:20 a.m. | 11 views

CVE-2026-3953

CVE-2026-3953 describes a Reflected XSS in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce due to improper neutralization of input during web page generation. Affected software: Proticaret E-Commerce from v5.0.0 to before v6.0.1767.1383. The CVSS 3.1 base metrics indicate HIGH i...

CVSS 8.8 | AI score 5.8 | EPSS 0.00339
Exploits 0 | References 1

Patchstack
added 2026/05/07 4:7 a.m. | 5 views

NPM: vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape

NPM: vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape vulnerability discovered by ? in WordPress Npm vm2 versions = 3.9.6, = 3.10.5...

CVSS 10 | AI score 6 | EPSS 0.00562
Exploits 1 | References 4 | Affected Software 1

Vulnrichment
added 2026/05/07 3:24 a.m. | 7 views

CVE-2026-41891 CI4MS: Deactivated User Session Bypass (active=0)

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth filter has the deactivated/banned user check commented out. This issue has been patched in version...

CVSS 5.3 | AI score 5.7 | EPSS 0.00269
Exploits 0 | References 2

vulnersOsv
added 2026/05/07 12:46 a.m. | 3 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2845 more potentially affected by CVE-2026-42587 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-42587 Source advisory: OSV:GHSA-F6HV-JMP6-3VWV...

CVSS 7.5 | AI score 6.8 | EPSS 0.00525
Exploits 1

vulnersOsv
added 2026/05/07 12:19 a.m. | 5 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +753 more potentially affected by CVE-2026-42582 via io.netty:netty-codec-http3 (>=4.2.10.Final <=4.2.12.Final)

io.netty:netty-codec-http3 MAVEN version =4.2.10.Final, =0.1.0, =0.1.0, =0.0.1-alfa, =0.0.1-demo, =6.0.1, =4.0.3-M1, =1.21.9, =1.0.5, =3.6.4, =1.0.1, =26.2.1, =26.4.2 and more Source cves: CVE-2026-42582 Source advisory: SNYK:JAVA-IONETTY-16438978...

CVSS 7.5 | AI score 5.4 | EPSS 0.00437
Exploits 1