CVE-2026-29200

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 "Copy Fail" — Safe Probe Suite !License: MIT...

ai-24sea (>=0.1.0 <=1.1.1), ai-documentation-writer (>=0.1.0 <=0.1.1) +31 more potentially affected by CVE-2026-7725 via prefect (>=3.0.0rc20 <=3.6.22)

prefect PYPI version =3.0.0rc20, =0.1.0, =0.1.0, =0.16.0, =0.6.1, =6.0.0, =1.0.1, =2.2.8, =2.25.0, =1.1.0, =1.3.0b5, =0.0.2, =0.1.11, =1.1.0, =2.3.0rc19 - mcp-prefect =0.1.0 and more Source cves: CVE-2026-7725 Source advisory: SNYK:PYTHON-PREFECT-16406537...

ai-24sea (>=0.1.0 <=1.1.1), ai-documentation-writer (>=0.1.0 <=0.1.1) +31 more potentially affected by CVE-2026-7724 via prefect (>=3.0.0rc20 <=3.6.22)

prefect PYPI version =3.0.0rc20, =0.1.0, =0.1.0, =0.16.0, =0.6.1, =6.0.0, =1.0.1, =2.2.8, =2.25.0, =1.1.0, =1.3.0b5, =0.0.2, =0.1.11, =1.1.0, =2.3.0rc19 - mcp-prefect =0.1.0 and more Source cves: CVE-2026-7724 Source advisory: SNYK:PYTHON-PREFECT-16383760...

abm-colony-collection (>=0.1.0 <=0.5.0), abm-initialization-collection (>=0.1.0 <=0.7.0) +106 more potentially affected by CVE-2026-7723 via prefect (>=0.9.2 <=3.6.13)

prefect PYPI version =0.9.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.0.126, =0.1.0, =1.0.4, =3.4.0, =0.4.0b0, =0.1.11, =0.1.0, =1.0.17, =6.0.0, =11.3.0 and more Source cves: CVE-2026-7723 Source advisory: OSV:GHSA-HVPH-5985-R63V...

abm-colony-collection (>=0.1.0 <=0.5.0), abm-initialization-collection (>=0.1.0 <=0.7.0) +108 more potentially affected by CVE-2026-7724 via prefect (>=0.9.2 <=3.6.22)

prefect PYPI version =0.9.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.16.0, =0.0.126, =0.1.0, =1.0.4, =3.4.0, =0.4.0b0, =0.1.11, =0.1.0, =0.5.0 and more Source cves: CVE-2026-7724 Source advisory: OSV:GHSA-P3PQ-HXMR-VQQR...

SambaBox 代码注入漏洞

SambaBox is a file-sharing server solution developed by SambaBox Inc. Based on Samba, versions 5.1 to 5.3 of SambaBox had a code injection vulnerability. This vulnerability stemmed from improper code generation control, which could lead to OS command injections...

Claude SDK for TypeScript 安全漏洞

Claude SDK for TypeScript is an open-source development toolkit by Anthropic, designed for calling the Claude API using TypeScript. There were security vulnerabilities in versions of Claude SDK for TypeScript from 0.79.0 to 0.91.1. These vulnerabilities stemmed from BetaLocalFilesystemMemoryTool...

EUVD-2026-27047

An integer underflow in FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

VulnCheck KEV: CVE-2024-13744

The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the validateproductinputfieldsonaddtocart function in versions 4.0.1 to 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

PT-2026-36875

Name of the Vulnerable Software and Affected Versions FRRouting FRR versions 10.0 through 10.6 Description An integer underflow occurs when a program calculates a value that is smaller than the minimum value the variable can hold, often wrapping around to a very large number. This issue allows...

Astra Linux – Vulnerability in libproxy

In url.cpp within libproxy versions 0.4.x to 0.4.15, it is possible for a remote HTTP server to trigger uncontrolled recursion by sending a response that consists of an infinite stream without a newline character. This leads to a stack exhaustion issue...

Astra Linux – Vulnerability in curl

There is an improper authentication vulnerability in curl versions 7.33.0 through and including 7.82.0. This vulnerability may allow for the reuse of OAUTH2-authenticated connections without ensuring that the connection was authentically verified with the same credentials used for this transfer...

Astra Linux – Vulnerability in curl

curl 7.1.1 up to and including 7.75.0 is vulnerable to a “Exposure of Private Personal Information to an Unauthorized Actor” by leaking credentials in the HTTP Referer: header. libcurl does not remove user credentials from the URL when automatically filling in the Referer: HTTP request header fie...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

The “Use After Free” vulnerability in the Linux kernel allows for the execution of code in a local environment on Linux, x86, and ARM bluetooth modules. This vulnerability is associated with program files located at https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/afbluetooth.C...

PT-2026-36614

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.4 Description A NULL pointer dereference occurs in the IEEE 802.11 protocol dissector, which can lead to a crash of the application. Recommendations At the moment, there is no information about a newer...

CVE-2026-42786

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in 'Elixir.Bandit.WebSocket.Connection':handleframe/3 in lib/bandit/websocket/connection.ex appends every incomi...

CVE-2026-43506

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by memory leaks from unauthenticated connections...

GHSA-RJMP-RWJ4-MV82 @diplodoc/search-extension allows stored XSS via Markdown file title

@diplodoc/search-extension 1.0.0 through 3.0.2 allows stored XSS via .md file title...

PYSEC-2026-205

An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent IPA sometimes executes grub-install from within a chroot of the deployed partition image, leading to code execution in the case of a malicious image...