23 matches found
CVE-2026-42277
Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/fileid endpoint allows any authenticated user to download any other user's uploaded files by providing the file UUID. The endpoint verifies the caller is authenticated but never checks that the file...
CVE-2026-34838 Group-Office: Authenticated Remote Code Execution via PHP Insecure Deserialization in `AbstractSettingsCollection`
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability in the AbstractSettingsCollection model leads to insecure deserialization when these settings are loaded. By injecting a serialized FileCookieJar...
SUSE CVE-2026-25576
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw image format handles. The vulnerability occurs when processing images with -extract dimensions larg...
EUVD-2026-7442
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted imag...
EUVD-2021-2419
Malware in sbrugna...
EUVD-2023-43650
Malicious code in bioql PyPI...
EUVD-2022-2791
Malicious code in bioql PyPI...
CVE-2025-38004 affecting package kernel for versions less than 6.6.96.1-1
CVE-2025-38004 affecting package kernel for versions less than 6.6.96.1-1. A patched version of the package is available...
CVE-2025-6395 affecting package gnutls for versions less than 3.8.3-6
CVE-2025-6395 affecting package gnutls for versions less than 3.8.3-6. A patched version of the package is available...
WordPress Team Showcase plugin < 25.05.13 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Team Showcase versions < 25.05.13...
WordPress Testimonials Showcase plugin <= 1.9.16 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Testimonials Showcase versions <= 1.9.16...
CVE-2021-43836
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched in versions 1.6.44, 2.2.18...
CVE-2023-32611 affecting package glib for versions less than 2.71.0-4
CVE-2023-32611 affecting package glib for versions less than 2.71.0-4. A patched version of the package is available...
CVE-2025-29925
XWiki Platform REST API vulnerability CVE-2025-29925: the /rest/wikis/[wikiName]/pages endpoint could disclose information about protected/private pages to unauthenticated users before fixes. The issue occurs because the endpoint listed pages even when the user had no view rights, notably when th...
CVE-2025-22869 affecting package kubernetes for versions less than 1.28.4-15
CVE-2025-22869 affecting package kubernetes for versions less than 1.28.4-15. A patched version of the package is available...
CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38
CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38. A patched version of the package is available...
CVE-2023-38469 affecting package avahi for versions less than 0.8-3
CVE-2023-38469 affecting package avahi for versions less than 0.8-3. A patched version of the package is available...
WordPress Robin image optimizer Plugin <= 1.6.9 is vulnerable to Broken Access Control
Software: Robin image optimizer; Type: Plugin; Vulnerable versions: <= 1.6.9; Fixed in: 1.7.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-43122; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: a94e3ea55a34; Credits: Joshua Chan...
CVE-2024-27319 affecting package pytorch for versions less than 2.2.2-1
CVE-2024-27319 affecting package pytorch for versions less than 2.2.2-1. A patched version of the package is available...
PT-2024-34582 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions 1.2.2 through 1.2.24 Description: An improper access control issue exists in the versions.patch functionality for updating prompts, allowing unauthorized users to update prompt details due to insufficient access...