PT-2026-34226

Name of the Vulnerable Software and Affected Versions F Prime versions prior to 4.2.0 Description An integer overflow occurs during a bounds check where the addition of byteOffset and dataSize wraps around on overflow. This allows a specially crafted DataPacket to bypass the check, enabling a fil...

PT-2026-34185

Name of the Vulnerable Software and Affected Versions NTFS-3G versions 2022.10.3 through 2026.2.24 Description A heap buffer overflow exists in the ntfs build permissions posix function within acls.c. This issue allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by using a...

VulnCheck KEV: CVE-2019-25714

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

PT-2026-34087

Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft component: Person Search. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise H...

Seeyon OA A8 代码问题漏洞

Seeyon OA A8 is a collaborative office management system developed by the Chinese company Seeyon. There is a code vulnerability in Seeyon OA A8. This vulnerability stems from an unauthenticated file writing operation at the /seeyon/htmlofficeservlet endpoint. This could allow a remote attacker to...

XiangShan 安全漏洞

XiangShan is an open-source high-performance RISC-V processor project developed by XiangShan in China. There is a security vulnerability in XiangShan, which stems from improper control of the distributed CSR write enablement path. This vulnerability could allow local attackers to modify memory...

EUVD-2026-24467

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfsbuildpermissionsposix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path stat, readdir, open when...

Lego 安全漏洞

Lego is an open-source library written in Go by go-acme. Versions of Lego before 4.34.0 have security vulnerabilities; these vulnerabilities stem from path traversal in the webroot HTTP-01 challenge provider, which could lead to arbitrary file writing and deletion...

PT-2026-34063

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint locale/save.php constructs a file path by directly concatenating $ POST'flag' into the path at line 30 without any sanitization. The $ POST'code' parameter is then written verbatim to that path via...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013093)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013093 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: refresh inline data size before write operations The cached ei-iinlinesize can become stal...

Apktool 路径遍历漏洞

Apktool is a reverse-engineering tool for Android APK files developed by Connor Tumbleson. Versions 3.0.0 and 3.0.1 of Apktool contain a path traversal vulnerability. This vulnerability stems from a path traversal issue in the brut/androlib/res/decoder/ResFileDecoder.java file. It could allow a...

CVE-2026-40706

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfsbuildpermissionsposix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path stat, readdir, open when...

PT-2026-34003

Name of the Vulnerable Software and Affected Versions October versions prior to 3.7.14 October versions prior to 4.1.10 Description A flaw in the Twig sandbox security policy allows database write operations when cms.safe mode is enabled. Backend users with Developer permissions can use Twig...

PT-2026-33997

Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can wri...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006955)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006955 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing/hist: Fix out-of-bound write on 'actiondata.varrefidx' When generate a synthetic event wi...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013128)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013128 advisory. In the Linux kernel, the following vulnerability has been resolved: media: av7110: prevent underflow in writetstodecoder The buf4 value comes from the user via tspla...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006900)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006900 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: fix VMPAT handling in COW mappings PAT handling won't do the right thing in COW...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013220)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013220 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: hfsplus: remove WARNON from hfspluscatread,writeinode syzbot is hitting WARNON in...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013094)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013094 advisory. In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp-dccpsmsscache dccpsendmsg reads dp-dccpsmsscache before locking the...

Siemens SICAM 8 Products Out-of-Bounds Write (CVE-2026-27664)

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.10. The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated attacker to exploit this issue by sending a...