CVE-2026-47323 Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering

Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http only...

CVE-2026-46722

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

CVE-2026-31379

CVE-2026-31379 affects Apache OFBiz prior to version 24.09.06. The incident combines multiple flaws: improper neutralization of input (XSS), path traversal restricting directory access, and improper generation of code, enabling a path traversal/file upload validation bypass with potential arbitra...

CVE-2026-31379 Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File Write, Stored XSS and RCE in Catalog Manager

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting', Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06...

kernel: Linux kernel: Denial of service and memory corruption in RDMA umad

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA umad User Mode Access Device component. A local user can exploit this vulnerability by manipulating input, causing an integer underflow that leads to an out-of-bounds memory write. This memory corruption can result in a denia...

BIT-MONGODB-2026-8053 FlatBSON Duplicate Field Index Drift

An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series...

CVE-2026-47314

Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

CVE-2026-47314

CVE-2026-47314 describes an out-of-bounds write vulnerability in Samsung Open Source Escargot, affecting the Escargot codebase listed (hash: 590345cc6258317c5da850d846ce6baaf2afc2d3d3). The issue is caused by an out-of-bounds write, with practical impact stated as high confidentiality, integrity,...

CVE-2026-47314

Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3...

CVE-2026-25781 kernel_liteos_a has an out-of-bounds write vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered...

CVE-2026-27648

OpenHarmony WebWebView component on OpenHarmony v6.0 and earlier is affected by an out-of-bounds write vulnerability that enables remote code execution in pre-installed apps. Affected: web_webview in OpenHarmony before/including v6.0. Root cause: out-of-bounds write (details not enumerated beyond...

CVE-2026-27648 web_webview has an out-of-bounds write vulnerability

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...

CVE-2026-34883

The CVE-2026-34883 affects the Portrait Dell Color Management application (before version 3.7.0) on Windows systems used with Dell monitors. The root cause is a symbolic link vulnerability in the installer that runs with elevated privileges, allowing a local low-privileged user to escalate to Adm...

PT-2026-41975

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description An authenticated Server-Side Request Forgery SSRF allows users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory, enabling arbitrary file read and...

CtrlPanel.gg 访问控制错误漏洞

CtrlPanel.gg is an open-source host service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg 1.1.1 and earlier contained a security vulnerability related to access control. This vulnerability arose from multiple administrator controllers performing permission checks on...

PT-2026-41836

Name of the Vulnerable Software and Affected Versions Samsung Open Source Escargot version 590345cc6258317c5da850d846ce6baaf2afc2d3 Description An out-of-bounds write issue exists that allows overflow buffers. Recommendations At the moment, there is no information about a newer version that...

EUVD-2026-30934

An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily07Feb11.edr t...

CVE-2026-34883

An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily07Feb11.edr t...

PT-2026-41966

Summary The mailpit dump --http sub-command downloads every message from a remote Mailpit instance and writes each one as .eml inside the user-supplied output directory. The message ID field is taken verbatim from the JSON response of the remote server and concatenated into the output path with...

PT-2026-41967

Summary The screenshot/print proxy /proxy?data=… maintains a package-level assets mapstringMessageAssets cache, but reads the map without holding assetsMutex while a long-running cleanup goroutine and re-entrant CSS-rewriting code path concurrently write to it under the lock. When the...