CVE-2026-47153

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

EUVD-2026-39411

Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage...

CVE-2026-6432

The CVE-2026-6432 entry concerns EmberZNet SDK versions 9.0.2 and earlier, with a root cause of improper bounds validation. This can lead to crashes or dynamic memory leakage. The available documents do not specify additional details such as affected products beyond EmberZNet SDK, release version...

CVE-2026-47150

The advisory concerns EmberZNet v9.0.2 and earlier where malformed IAS Zone enrollment messages can trigger an out-of-bounds write to a state-table, terminating the process. The write’s size/location are bounded, and only messages from devices that have already joined the network affect devices s...

CVE-2025-60474

GPAC MP4Box up to version 26.01.x has a buffer overflow in the gf_media_import() function (in /media_tools/av_parsers.c). The underlining issue allows DoS via crafted input, affecting MP4Box before 26.02.0. Public sources consistently cite GPAC MP4Box versions prior to 26.02.0 as vulnerable, with...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: The calltrace warning in amddrmbuddyfini has been fixed. The following call trace was observed when the amdgpu driver was removed. This issue arises because the BOs allocated for psp are not freed until the driver is...

CVE-2026-52700

Subscriber SQL Injection in WCMultiShipping = 3.0.2 versions...

CVE-2026-49780

Customer Privilege Escalation in Dokan = 5.0.2 versions...

EUVD-2026-36897

Customer Privilege Escalation in Dokan = 5.0.2 versions...

Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2025-11143

Summary IBM Engineering Systems Design Rhapsody was affected by CVE-2025-11143. Although the vulnerability is generally rated low to medium severity due to the specific conditions required for exploitation, it can become more impactful in complex multi-layered architectures where consistent URL...

PT-2026-49516

Name of the Vulnerable Software and Affected Versions Dokan versions prior to 5.0.3 Description A privilege escalation issue exists that allows a user with customer privileges to gain higher access levels. Recommendations Update to a version later than 5.0.2...

CVE-2026-11561 SSTI in Soagen Informatics' Apinizer

Improper neutralization of special elements used in an expression language statement 'expression language injection' vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6...

CVE-2026-6269

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to modify hidden merge requests due to incorrect...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...

MiracleLinux 8 : ruby:3.3 (AXSA:2026-769:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-769:01 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the...

Open XDMoD 操作系统命令注入漏洞

Open XDMoD is an open-source tool developed by the Center for Computational Research for managing high-performance computing resources. Versions 9.5.0 to 11.0.2 of Open XDMoD contain a vulnerability related to operating system command injection. This vulnerability allows attackers to remotely...

CVE-2025-64390

A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J Blu-ray Disc Java sandbox can be escaped through a malformed JAR file...

CVE-2026-1829 Content Visibility for Divi Builder <= 4.02 - Authenticated (Contributor+) Remote Code Execution

The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'etpbtext' shortcode 'cvdbcontentvisibilitycheck' parameter. This makes it possible for authenticated attackers, with Contributor-level access and...

Sony PlayStation 4 安全漏洞

The Sony PlayStation 4 is a home video game console developed by the Japanese company Sony. There were security vulnerabilities in the versions 13.00 to 13.02 of the Sony PlayStation 4. These vulnerabilities stemmed from the BD-J sandbox feature, which could allow an abnormal JAR file to escape,...

CVE-2026-40989

Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud...