Suprema BioStar 安全漏洞

Suprema BioStar is a web-based, open-integrated security platform developed by the South Korean company Suprema. It offers comprehensive features for access control, attendance management, visitor management, and video log maintenance. There were security vulnerabilities in the versions of Suprem...

CVE-2025-48977

Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version...

CVE-2026-42736

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through = 2.14.16...

SUSE CVE-2026-44059

A race condition in the privilege toggle mechanism in Netatalk 2.2.5 through 4.4.2 allows a local attacker to obtain limited information, modify limited data, or cause a minor service disruption...

Netatalk 安全漏洞

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.4 to 4.4.2 of Netatalk contain security vulnerabilities. These vulnerabilities stem from a confusion between UCS-2 typ...

CVE-2026-39079

An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBaseApi.php components...

CVE-2026-42031

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...

PT-2026-40763

Name of the Vulnerable Software and Affected Versions cowboy versions 2.0.0 through 2.14.x Description An issue in multipart header parsing allows an unauthenticated attacker to cause a denial of service via unbounded buffer accumulation. The function read part in src/cowboy req.erl accumulates...

CVE-2026-7474 Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from a function in the delete Endpoint component called...

CVE-2026-8149

CVE-2026-8149 affects Legion of the Bouncy Castle BC-FJA/BC-FIPS on Linux x86_64 with AVX/AVX-512f. Vulnerable components: gcm128w and gcm512w ; affected versions: 2.1.0–2.1.2 . Root cause details and specific fixes are not provided in the documents. No exploitation details are included. No remed...

Gitroom Postiz 跨站脚本漏洞

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz from 2.21.6 to 2.21.7 contained a cross-site scripting vulnerability. This vulnerability allowed any authenticated user to store arbitrary HTML in post content by manipulating saved...

CVE-2026-42798

Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c...

Astra Linux - уязвимость в qemu

A use-after-free flaw was discovered in the MegaRAID emulator of QEMU. This issue occurs during the processing of SCSI I/O requests when the mptsasfreerequest function fails to dequeue the request object ‘req’ from the pending requests queue. This flaw allows a privileged guest user to crash the...

Astra Linux - уязвимость в ansible

A flaw was discovered in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then select a new destination path on the controller node. All versions under 2.7.x, 2.8.x, and 2.9.x branches are believed to be vulnerable...

IBM Watsonx.data 安全漏洞

IBM Watsonx.data is an open data lake platform developed by IBM. Versions 2.2 to 2.3 of IBM Watsonx.data contain security vulnerabilities. These vulnerabilities stem from insufficient restrictions on communication between Pods, allowing attackers to transfer data between Pods without any...

GHSA-MPFM-FPGX-647Q CKAN has no certificate validation on STMP connection

Impact Configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. Patches The vulnerability has been patched in CKAN 2.10.10 and CKAN 2.11.5...

NextChat 代码问题漏洞

NextChat is an open-source project developed by NextChat for quickly deploying private ChatGPT web applications. Versions of NextChat 2.16.1 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of the proxyHandler function in the file...

CVE-2026-5928

CVE-2026-5928 affects glibc’s ungetwc on FILE streams with wide characters where overlaps between single-byte and multi-byte encodings occur, in version 2.43 or earlier. A bug in the wide character pushback (_IO_wdefault_pbackfail) causes ungetwc() to operate on the regular input buffer (fp->_...

WordPress Petje.af plugin <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action vulnerability

Cross-Site Request Forgery to Account Deletion via 'petjeafdisconnect' AJAX Action vulnerability discovered by theviper17y in WordPress Plugin Petje.af versions = 2.1.8...