
4563 matches found

RedhatCVE
added 2026/03/26 3:2 p.m. | 4 views

CVE-2026-32693

In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret...

CVSS 8.8 | AI score 5.8 | EPSS 0.00303
Exploits: 1 | References: 1
CNNVD
added 2026/03/26 12:0 a.m. | 3 views

pinchtab security vulnerability

Pinchtab is an open-source AI proxy browser control tool developed by Pinchtab. Versions of Pinchtab 0.7.7 to 0.8.4 contain security vulnerabilities. These vulnerabilities stem from incomplete request rate-limiting protection, which may weaken...

CVSS 6.5 | AI score 6.4 | EPSS 0.00308
Exploits: 1 | References: 3
CNNVD
added 2026/03/26 12:0 a.m. | 3 views

iCalendar injection vulnerability

iCalendar is an open-source Ruby library for processing iCalendar format files. Versions 2.0.0 to 2.12.2 of iCalendar contain a vulnerability due to improper cleanup of URI attribute values during .ics serialization, which may lead to ICS injection attacks...

CVSS 4.3 | AI score 5.8 | EPSS 0.00244
Exploits: 1 | References: 3
CNNVD
added 2026/03/26 12:0 a.m. | 4 views

libpng buffer error vulnerability

libpng is an open-source PNG reference library developed by The PNG Development Group. It allows for the creation, reading, and writing of PNG graphic files. Versions of LIBPNG from 1.6.36 to 1.6.55 contain a buffer error vulnerability. This vulnerability stems from out-of-bound read and write...

CVSS 7.6 | AI score 6.5 | EPSS 0.00585
Exploits: 0 | References: 3
Tenable Nessus
added 2026/03/26 12:0 a.m. | 6 views

Vim >= 9.1.0011 < 9.2.0137 NULL Pointer Dereference (GHSA-9phh-423r-778r)

The version of Vim installed on the remote host is between 9.1.0011 inclusive and 9.2.0137 exclusive. It is, therefore, affected by a vulnerability as referenced in the GHSA-9phh-423r-778r advisory. - Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA reg...

CVSS 5.5 | AI score 6.1 | EPSS 0.00133
Exploits: 0 | References: 2
Tenable Nessus
added 2026/03/26 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33416

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.2.1...

CVSS 7.5 | AI score 6 | EPSS 0.01052
Exploits: 1 | References: 3
AlpineLinux
added 2026/03/25 11:57 p.m. | 1 view

CVE-2026-30892

crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u --user is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...

CVSS 7.8 | AI score 5.8 | EPSS 0.00159
Exploits: 1
vulnersOsv
added 2026/03/25 10:5 p.m. | 5 views

@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by CVE-2026-33722 via n8n (>=0.138.0 <=0.93.0)

n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: CVE-2026-33722 Source advisory: OSV:GHSA-FXCW-H3QJ-8M8P...

CVSS 7.3 | AI score 5.8 | EPSS 0.0026
Exploits: 0
EUVD
added 2026/03/25 9:30 p.m. | 1 view

EUVD-2025-209029

IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control...

CVSS 5.1 | AI score 5.8 | EPSS 0.00147
Exploits: 0 | References: 2
EUVD
added 2026/03/25 9:30 p.m. | 2 views

EUVD-2025-209027

IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints...

CVSS 5.1 | AI score 5.8 | EPSS 0.00123
Exploits: 0 | References: 2
EUVD
added 2026/03/25 9:30 p.m. | 5 views

EUVD-2025-209022

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR)...

CVSS 5.7 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 2
vulnersOsv
added 2026/03/25 9:27 p.m. | 7 views

com.sap.hcp.cf.logging:sample-app-spring-boot (>=3.8.0 <=4.1.0), com.weibo:rill-flow-service (>=0.1.3 <=0.1.18) +159 more potentially affected by CVE-2026-33701 via io.opentelemetry.javaagent:opentelemetry-javaagent (>=0.12.1 <=2.23.0)

io.opentelemetry.javaagent:opentelemetry-javaagent MAVEN version =0.12.1, =3.8.0, =0.1.3, =4.0.0-alpha1, =1.9.0, =0.0.10, =0.2.1, =0.6.2, =0.6.2, =0.80.0, =0.80.0, =0.19.0, =2.5.0, =1.9.0, =1.9.0, =2.3.0 and more Source cves: CVE-2026-33701 Source advisory: OSV:GHSA-XW7X-H9FJ-P2C7...

CVSS 9.8 | AI score 5.8 | EPSS 0.00916
Exploits: 1
vulnersOsv
added 2026/03/25 9:20 p.m. | 2 views

ace-cm (>=0.0.1 <=0.0.4), active-framework (>=2.0.0 <=2.0.9) +378 more potentially affected by CVE-2026-33682 via streamlit (>=0.49.0 <=1.53.1)

streamlit PYPI version =0.49.0, =0.0.1, =2.0.0, =0.0.0, =1.2.1, =0.0.2, =0.0.5, =0.1.0, =0.0.0, =0.2.0, =0.2.2 and more Source cves: CVE-2026-33682 Source advisory: OSV:GHSA-7P48-42J8-8846...

CVSS 4.8 | AI score 5.4 | EPSS 0.00282
Exploits: 0
NVD
added 2026/03/25 9:16 p.m. | 2 views

CVE-2026-1561

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3: IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow a remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating...

CVSS 5.4 | EPSS 0.00284
Exploits: 0 | References: 1
vulnersOsv
added 2026/03/25 9:13 p.m. | 5 views

4itech-schematics (>=11.0.0 <=11.3.0-1), @142vip/midway (>=0.1.6-alpha.2 <=0.1.6-alpha.12) +575 more potentially affected by CVE-2026-33672 via picomatch (>=1.2.0 <=2.3.1)

picomatch NPM version =1.2.0, =11.0.0, =0.1.6-alpha.2, =7.4.1, =0.0.1, =1.0.1, =0.0.2, =2.0.0, =9.0.0, =9.2.0-alpha.9, =9.2.0-alpha.9, =1.0.101, =1.1.0, =1.4.1 and more Source cves: CVE-2026-33672 Source advisory: OSV:GHSA-3V7F-55P6-F55P...

CVSS 5.3 | AI score 5.4 | EPSS 0.0041
Exploits: 0
ATTACKERKB
added 2026/03/25 8:41 p.m. | 2 views

CVE-2026-1015

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 5.4 | AI score 5.8 | EPSS 0.00207
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/03/25 8:38 p.m. | 18 views

CVE-2025-64648 Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

CVSS 5.9 | EPSS 0.00186
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/25 8:37 p.m. | 2 views

CVE-2025-64647

IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVSS 5.9 | AI score 5.8 | EPSS 0.00202
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/03/25 8:37 p.m. | 9 views

CVE-2025-64647

CVE-2025-64647 affects IBM Concert, versions 1.0.0 through 2.2.0. The flaw is use of weaker-than-expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. The connected sources corroborate this characterization, but no specific root-cause technical de...

CVSS 7.5 | AI score 5.8 | EPSS 0.00202
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/03/25 8:35 p.m. | 1 view

CVE-2025-64646 Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources...

CVSS 6.2 | AI score 6 | EPSS 0.00174
Exploits: 0 | References: 1