CVE-2026-37232

An issue was discovered in OpenAirInterface5G 2.4.0 nr-softmodem in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fillRRUPrbTotDl and fillRRUPrbTotUl in openair2/E2AP/RANFUNCTION/O-RAN/ranfunckpmsubs.c lines 182 and 197 compute PRB usage percentages by dividing by...

PT-2026-45555

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description A reflected Cross-Site Scripting XSS issue in Kiteworks Secure Data Forms allows an external attacker to trick a user into executing arbitrary JavaScript code. Cross-Site Scripting is a flaw where...

PT-2026-45511

Name of the Vulnerable Software and Affected Versions OpenAirInterface5G version 2.4.0 Description An issue exists in the E2SM-KPM RAN Function's PRB utilization metric calculation within the nr-softmodem component. The functions fill RRU PrbTotDl and fill RRU PrbTotUl compute PRB usage percentag...

PT-2026-45653

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description An Insecure Direct Object Reference IDOR issue in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users. This occurs because of...

PT-2026-45650

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description A stored Cross-Site Scripting XSS issue in Kiteworks Secure Data Forms allows an authenticated attacker to execute arbitrary JavaScript code within the sessions of other users. Recommendations Upda...

PT-2026-45672

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit...

IBM WebSphere Application Server（WAS） 代码注入漏洞

IBM WebSphere Application Server WAS is an application server product developed by IBM. It serves as a platform for JavaEE and web services applications and forms the foundation of the IBM WebSphere software suite. Both the 9.0 and 8.5 versions of IBM WebSphere Application Server contained a code...

ZeusCart 跨站请求伪造漏洞

ZeusCart is an e-commerce shopping cart system developed by ZeusCart Inc. Version 4.0 of ZeusCart contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, allowing attackers to manipulate user behavior by tricking users into accessing pages...

PT-2026-45540

Name of the Vulnerable Software and Affected Versions AI Tensor Engine for ROCm AITER versions prior to 0.1.15 Description An unauthenticated remote code execution issue exists in the MessageQueue.recv function within shm broadcast.py. This occurs because a ZMQ SUB socket lacks authentication,...

Pwn2Own Berlin 2026: On the Ground With TrendAI™ ZDI's Biggest AI Showdown Yet

47 zero-days fell at Pwn2Own Berlin 2026 for US$1,298,250 in payouts. TrendAI™ was on the ground all three days — here's what we saw...

PT-2026-45355

Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege...

openairinterface5G 安全漏洞

openairinterface5G is an open-source implementation of the OAI project, focusing on the research, development, and testing of 5G NR New Radio core networks and access networks. Version 2.4.0 of openairinterface5G contains a security vulnerability. This vulnerability stems from the E2SM-KPM RAN...

CodeAstro Online Job Portal SQL注入漏洞

CodeAstro Online Job Portal is an online job portal operated by CodeAstro Corporation. Version 1.0 of CodeAstro Online Job Portal has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file/users/applicationstatus.php, which may lead to SQL...

FlexRIC 安全漏洞

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability arises from the fact that when the lookup function returns NULL, the assert function during debugging builds triggers a SIGABRT, or in release...

PT-2026-45543

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls...

PT-2026-45265

An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...

PT-2026-45542

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 Description An issue exists that allows for identity spoofing, where an attacker can impersonate another user or system identity. Recommendations At the...

SourceCodester Pharmacy Sales and Inventory System 代码注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System contains a code injection vulnerability. This vulnerability arises from improper...

Assimp 安全漏洞

Assimp is an open-source library developed by Assimp. It is used for importing and exporting various 3D model formats. Versions of Assimp 6.0.4 and earlier contained security vulnerabilities. These vulnerabilities stemmed from a zero-division error in the FBXExporter.cpp file’s...

CVE-2026-37232

OpenAirInterface5G 2.4.0 (nr-softmodem) E2SM-KPM RAN Function PRB utilization calculation (fill_RRU_PrbTotDl/Ul in openair2/E2AP/RAN_FUNCTION/O-RAN/ran_func_kpm_subs.c) divides PRB difference by the previous total_prb_aggregate, missing a zero-check. If two consecutive samples are identical and a...