60329 matches found

OSV
added 2026/04/03 2:41 a.m., 2 views

GHSA-MWMH-MQ4G-G6GR Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows

Impact: On Windows, app.setAsDefaultProtocolClient(protocol) did not validate the protocol name before writing to the registry. Apps that pass untrusted input as the protocol name may allow an attacker to write to arbitrary subkeys under HKCU\Software\Classes, potentially hijacking existing protocol...

4.7 CVSS, 6.1 AI score, 0.0024 EPSS
Exploits: 0, References: 3

CNNVD
added 2026/04/03 12:0 a.m., 8 views

Rico só vantagem pra investir App security vulnerability

Rico só vantagem pra investir App is a digital investment application developed by the Brazilian company Rico. The version 4.58.32.12421 and earlier versions of Rico só vantagem pra investir App have security vulnerabilities, which stem from the use of a hardcoded encryption key for the parameter...

4.8 CVSS, 5.8 AI score, 0.00141 EPSS
Exploits: 0, References: 4

CNNVD
added 2026/04/03 12:0 a.m., 7 views

Wahoo Fitness SYSTM App security vulnerability

The Wahoo Fitness SYSTM App is a comprehensive structured training app developed by Wahoo Fitness in the United States. The Wahoo Fitness SYSTM App versions 7.2.1 and earlier contained security vulnerabilities, which stemmed from the use of hardcoded encryption keys for the SEGMENTWRITEKEY...

4.8 CVSS, 5.8 AI score, 0.00156 EPSS
Exploits: 0, References: 4

Redos
added 2026/04/03 12:0 a.m., 7 views

ROS-20260403-73-0026

A vulnerability in the fbdev component of the Linux operating system kernel is related to writing outside of buffer boundaries. Exploitation of the vulnerability allows an attacker to affect confidentiality, integrity and availability of protected information...

7.8 CVSS, 6.7 AI score, 0.00162 EPSS
Exploits: 0

Positive Technologies
added 2026/04/03 12:0 a.m., 5 views

PT-2026-29987

A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of hard-coded cryptographic key. The attack is...

4.8 CVSS, 5.4 AI score, 0.00141 EPSS
Exploits: 0, References: 5

CNNVD
added 2026/04/03 12:0 a.m., 7 views

Noelse Individuals & Pro App security vulnerability

Noelse Individuals & Pro App is a financial services app developed by the French company Noelse, designed for individual and professional users to manage online accounts, handle payments, and access financial tools. The Noelse Individuals & Pro App versions 2.1.7 and earlier contain security...

4.8 CVSS, 5.8 AI score, 0.00144 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2026/04/03 12:0 a.m., 1 view

CVE-2025-59711

An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication from the service, aka Directory Traversal...

5.9 AI score, 0.00655 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/04/03 12:0 a.m., 7 views

PT-2026-29986

A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the file br/com/rico/mobile/di/SegmentSettingsModule.java of the component br.com.rico.mobile. Such manipulation of the argument SEGMENT WRITE KEY lead...

4.8 CVSS, 5.3 AI score, 0.00141 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2026/04/03 12:0 a.m., 2 views

PT-2026-30166

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw in the serial core related to handling transmission for unknown ports (PORT_UNKNOWN). Inconsistencies between uart_write_room and uart_write when xmit_buf ...

5.5 CVSS, 5.3 AI score, 0.00121 EPSS
Exploits: 0, References: 16

Positive Technologies
added 2026/04/03 12:0 a.m., 3 views

PT-2026-30021

Name of the Vulnerable Software and Affected Versions: goshs (affected versions not specified). Description: goshs is susceptible to a critical path traversal flaw in the PUT upload functionality. The PUT upload process lacks proper path sanitization, allowing attackers to write arbitrary files to the...

9.8 CVSS, 7.4 AI score, 0.00683 EPSS
Exploits: 1, References: 14

CNNVD
added 2026/04/03 12:0 a.m., 8 views

Dialogue App security vulnerability

Dialogue App is an artificial intelligence dialogue application developed by Dialogue Company. Versions of Dialogue App 4.3.2 and earlier contained security vulnerabilities, which were caused by the use of a hardcoded encryption key for the parameter SEGMENTWRITEKEY...

4.8 CVSS, 5.8 AI score, 0.00106 EPSS
Exploits: 0, References: 4

CNNVD
added 2026/04/03 12:0 a.m., 10 views

Sumi Interactive GRID Organiser security vulnerability

Sumi Interactive GRID Organizer is an activity planning and management application developed by Sumi Interactive in China. Versions of Sumi Interactive GRID Organizer prior to 1.0.5 contained security vulnerabilities, which were caused by the use of hardcoded encryption keys for the Parameter...

4.8 CVSS, 5.8 AI score, 0.00141 EPSS
Exploits: 0, References: 4

Cvelist
added 2026/04/03 12:0 a.m., 16 views

CVE-2026-28373

The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem...

0.00421 EPSS
Exploits: 1, References: 3

Tenable Nessus
added 2026/04/03 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-34544

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version...

8.4 CVSS, 5.8 AI score, 0.00244 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2026/04/03 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-5318

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the...

5.3 CVSS, 5.3 AI score, 0.00629 EPSS
Exploits: 1, References: 3

CNNVD
added 2026/04/03 12:0 a.m., 6 views

Roundcube Webmail code issue vulnerability

Roundcube Webmail is an open-source browser-based IMAP client developed by Roundcube. It supports address book management, information search, spelling checking, and more. Versions of Roundcube Webmail prior to 1.5.14 and 1.6.14 had code vulnerabilities due to unsafe deserialization, which could...

7.5 CVSS, 6 AI score, 0.00475 EPSS
Exploits: 0, References: 7

Positive Technologies
added 2026/04/03 12:0 a.m., 6 views

PT-2026-30261

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contain an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such a...

7.1 CVSS, 5.9 AI score, 0.00237 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/04/03 12:0 a.m., 5 views

PT-2026-29975

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data...

3.7 CVSS, 6 AI score, 0.00475 EPSS
Exploits: 0, References: 8

Positive Technologies
added 2026/04/03 12:0 a.m., 4 views

PT-2026-29995

A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an unknown function of the file com/WahooFitness/SYSTM/BuildConfig.java of the component com.WahooFitness.SYSTM. Such manipulation of the argument SEGMENT WRITE KEY leads to use of hard-coded cryptograph...

4.8 CVSS, 5.6 AI score, 0.00156 EPSS
Exploits: 0, References: 5

CNNVD
added 2026/04/03 12:0 a.m., 5 views

Amazon Athena ODBC driver security vulnerability

The Amazon Athena ODBC driver is a database connection driver developed by the American company Amazon. Versions of the Amazon Athena ODBC driver prior to 2.1.0.0 contained a security vulnerability. This vulnerability stemmed from out-of-bounds writing in the query processing component, which cou...

7.1 CVSS, 5.8 AI score, 0.00271 EPSS
Exploits: 0, References: 6