Command Injection

Overview aws-mcp is an AWS Model Context Protocol Server Affected versions of this package are vulnerable to Command Injection via improper validation of user-supplied input in the allowed commands process. An attacker can execute arbitrary system commands by supplying crafted input that is used ...

WordPress plugin wpForo Forum 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

Photon OS 5.0: Linux PHSA-2026-5.0-0813

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0813. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

pypdf: Manipulated XMP metadata entity declarations can exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. Patches This has been fixed in pypdf==6.10.0. Workarounds If you cannot upgrade yet, consider applying the changes from PR 3724...

EUVD-2026-21492

Rembg has a Path Traversal via Custom Model Loading...

GHSA-W95V-4H65-J455 SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering

SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary sanitization. When a victim opens a note containing a malicious...

EUVD-2026-21553

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:teamid/template/generate/:projectid. The GET handler calls checkAccessreq,...

CVE-2026-33141 Chamilo LMS has an IDOR in REST API Stats Endpoint Exposes Any User's Learning Data

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the REST API stats endpoint allows any authenticated user including low-privilege students with ROLEUSER to read any other user's learning progress, certificates, and...

EUVD-2026-21535

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the REST API stats endpoint allows any authenticated user including low-privilege students with ROLEUSER to read any other user's learning progress, certificates, and...

CVE-2026-32893

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting XSS vulnerability in the exercise question list admin panel allows an attacker to execute arbitrary JavaScript in an authenticated teacher's browser. The pagination code merges all $GET parameters v...

EUVD-2026-21525

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting XSS vulnerability in the exercise question list admin panel allows an attacker to execute arbitrary JavaScript in an authenticated teacher's browser. The pagination code merges all $GET parameters v...

UBUNTU-CVE-2026-34480

Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.htmlXmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets producing invalid XML output whenever a log message or M...

CVE-2026-35602 Vikunja has a File Size Limit Bypass via Vikunja Import

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By...

Vikunja: Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade

Title Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade Description Vikunja's link share authentication constructs authorization objects entirely from JWT claims without any server-side database validation. When a project owner deletes a link share or...

Claude Mythos: Preparing for a World Where AI Finds and Exploits Vulnerabilities Faster Than Ever

Anthropic's new model can autonomously discover zero-days and develop working exploits. While access is currently limited to responsible actors, now is the time to strengthen response playbooks, reduce exposure, and incorporate AI into security programs...

CVE-2025-5804

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Case Themes Case Theme User case-theme-user allows PHP Local File Inclusion.This issue affects Case Theme User: from n/a through 1.0.4...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the minimatch library

Summary Due to the use of the minimatch library, DevOps Test Performance and Rational Performance Tester contain potential denial of service DoS vulnerabilities. CVE-2026-26996 Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob...

Vulnerabilities fixed in Microsoft Windows

Microsoft fixed vulnerabilities in Windows A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges - Executio...

CVE-2026-6032 code-projects Simple Laundry System checkcheckout.php cross site scripting

A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made...

Security Bulletin: Decompression Bomb Vulnerability in urllib3 affects watsonx.data

Summary urllib3 versions ≥1.24 and 2.6.0 are vulnerable to unbounded decompression chains. A malicious server can trigger excessive CPU and memory usage by sending many nested compression steps. The issue is fixed in version 2.6.0. This can affect watsonx.data. Vulnerability Details...