South Korean President Lee Jae Myung is spending the first weeks of the new year attempting a feat of diplomatic
Vulnerabilities
CVE-2026-22777 | Comfy ComfyUI-Manager up to 3.39.1/4.0.4 config.ini crlf injection (GHSA-562r-8445-54r2)
A vulnerability was found in Comfy ComfyUI-Manager up to 3.39.1/4.0.4. It has been rated as problematic. Affected by this vulnerability
CVE-2026-22703 | sigstore cosign up to 2.6.1/3.0.3 data authenticity (GHSA-whqx-f9j3-ch6m)
A vulnerability categorized as problematic has been discovered in sigstore cosign up to 2.6.1/3.0.3. Affected by this issue is some
CVE-2026-22693 | HarfBuzz up to 12.2.x src/hb-ot-cmap-table.hh create null pointer dereference (GHSA-xvjr-f2r9-c7ww)
A vulnerability identified as problematic has been detected in HarfBuzz up to 12.2.x. This affects the function SubtableUnicodesCache::create of the
CVE-2026-22600 | opf openproject up to 16.6.3 SVG File information disclosure (GHSA-m8f2-cwpq-vvhh)
A vulnerability labeled as problematic has been found in opf openproject up to 16.6.3. This vulnerability affects unknown code of
CVE-2026-22685 | DevToys prior 2.0.9.0 NUPKG Archives path traversal (GHSA-ggxr-h6fm-p2qh)
A vulnerability marked as critical has been reported in DevToys. This issue affects some unknown processing of the component NUPKG
CVE-2026-22689 | axllent mailpit up to 1.28.1 missing origin validation in websockets (GHSA-524m-q5m7-79mm)
A vulnerability described as problematic has been identified in axllent mailpit up to 1.28.1. Impacted is an unknown function. The
CVE-2025-59057 | remix-run react-router API meta cross site scripting (GHSA-3cgp-3xvw-98×8)
A vulnerability classified as problematic has been found in remix-run react-router. The affected element is the function meta of the
CVE-2025-68470 | remix-run react-router up to 6.30.1/7.9.5 navigate/redirect (GHSA-9jcx-v3wj-wh4m)
A vulnerability classified as problematic was found in remix-run react-router up to 6.30.1/7.9.5. The impacted element is the function navigate/redirect.
CVE-2026-21884 | remix-run react-router API getKey/storageKey cross site scripting (GHSA-8v8x-cx79-35w7)
A vulnerability, which was classified as problematic, has been found in remix-run react-router. This affects an unknown function of the
CVE-2026-22030 | remix-run react-router POST Request cross-site request forgery (GHSA-h5cw-625j-3rxh)
A vulnerability, which was classified as problematic, was found in remix-run react-router. This impacts an unknown function of the component
CVE-2026-22610 | Angular up to 19.2.17/20.3.15/21.0.6 cross site scripting (GHSA-jrmj-c5cx-3cw6)
A vulnerability has been found in Angular up to 19.2.17/20.3.15/21.0.6 and classified as problematic. Affected is an unknown function. The
CVE-2025-61674 | October CMS up to 3.7.12/4.0.11 cross site scripting (GHSA-gxxc-m74c-f48x)
A vulnerability was found in October CMS up to 3.7.12/4.0.11 and classified as problematic. Affected by this vulnerability is an
CVE-2025-61676 | October CMS up to 3.7.12/4.0.11 Customize Backend Styles cross site scripting (GHSA-wvpq-h33f-8rp6)
A vulnerability was found in October CMS up to 3.7.12/4.0.11. It has been classified as problematic. Affected by this issue
CVE-2025-14506 | ConvertForce Popup Builder Plugin up to 0.0.7 on WordPress Gutenberg Block entrance_animation cross site scripting
A vulnerability was found in ConvertForce Popup Builder Plugin up to 0.0.7 on WordPress. It has been declared as problematic.
CVE-2025-14555 | Countdown Timer Plugin up to 2.7.7 on WordPress Shortcode wpdevart_countdown cross site scripting
A vulnerability was found in Countdown Timer Plugin up to 2.7.7 on WordPress. It has been rated as problematic. This
CVE-2025-12379 | Shortcodes and Extra Features for Phlox Theme Plugin Modern Heading Widget cross site scripting
A vulnerability categorized as problematic has been discovered in Shortcodes and Extra Features for Phlox Theme Plugin up to 2.17.13
CVE-2025-13393 | Featured Image from URL FIFU Plugin up to 5.3.1 on WordPress getimagesize fifu_input_url server-side request forgery
A vulnerability identified as critical has been detected in Featured Image from URL FIFU Plugin up to 5.3.1 on WordPress.
CVE-2025-15505 | Luxul XWR-600 up to 4.0.1 Web Administration Interface Guest Network/Wireless Profile SSID cross site scripting
A vulnerability labeled as problematic has been found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown
CVE-2026-0836 | UTT 进取 520W 1.7.7-180627 formConfigFastDirectionW strcpy ssid buffer overflow
A vulnerability marked as critical has been reported in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy
CVE-2026-0837 | UTT 进取 520W 1.7.7-180627 /goform/formFireWall strcpy GroupName buffer overflow
A vulnerability described as critical has been identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the
CVE-2026-0838 | UTT 进取 520W 1.7.7-180627 ConfigWirelessBase strcpy ssid buffer overflow
A vulnerability classified as critical has been found in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the
CVE-2026-0839 | UTT 进取 520W 1.7.7-180627 /goform/APSecurity strcpy wepkey1 buffer overflow
A vulnerability classified as critical was found in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file
CVE-2026-0840 | UTT 进取 520W 1.7.7-180627 formConfigNoticeConfig strcpy timestart buffer overflow
A vulnerability, which was classified as critical, has been found in UTT 进取 520W 1.7.7-180627. Affected by this vulnerability is
CVE-2026-0841 | UTT 进取 520W 1.7.7-180627 /goform/formPictureUrl strcpy importpictureurl buffer overflow
A vulnerability, which was classified as critical, was found in UTT 进取 520W 1.7.7-180627. Affected by this issue is the
CVE-2026-0842 | Flycatcher Toys smART Sketcher up to 2.0 Bluetooth Low Energy Interface missing authentication
A vulnerability has been found in Flycatcher Toys smART Sketcher up to 2.0 and classified as critical. This affects an
CVE-2026-0843 | jiujiujia/victor123/wxw850227 jjjfood/jjjshop_food up to 20260103 index latitude sql injection
A vulnerability was found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103 and classified as critical. This vulnerability affects unknown
Debian: Chromium Critical Arbitrary Code Execution DSA-6097-1
A security issue was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or
Fedora 42: Critical Remote Code Exec Flaw in MariaDB 10.11.15 Found
MariaDB 10.11.15 Release notes: https://mariadb.com/docs/release-notes/community- server/10.11/10.11.15LinuxSecurity – Security AdvisoriesRead More
Fedora 42: wget2 Critical Memory Crash Advisory 2026-28b0f7bd35
New version 2.2.1LinuxSecurity – Security AdvisoriesRead More
Fedora 42: Critical Buffer Overflow and Heap Vulnerabilities in libpng
fixes several security issuesLinuxSecurity – Security AdvisoriesRead More
Fedora 43: python-urllib3 High Threat HTTP Redirect Issue CVE-2026-21441
2.6.3 (2026-01-07) Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were
Fedora 43: mariadb10.11 Important Remote Code Execution 2026-39e035a84c
MariaDB 10.11.15 Release notes: https://mariadb.com/docs/release-notes/community- server/10.11/10.11.15LinuxSecurity – Security AdvisoriesRead More
CVE-2026-22690 | py-pdf pypdf up to 6.5.x Root Object Size resource consumption (GHSA-4xc4-762w-m6cg)
A vulnerability categorized as problematic has been discovered in py-pdf pypdf up to 6.5.x. This vulnerability affects unknown code of
CVE-2026-22607 | trailofbits fickling up to 0.1.6 cProfile cProfile.run incomplete blacklist (GHSA-p523-jq9w-64×9)
A vulnerability identified as critical has been detected in trailofbits fickling up to 0.1.6. This issue affects the function cProfile.run
CVE-2026-22608 | trailofbits fickling up to 0.1.6 ctypes/pydoc incomplete blacklist (GHSA-5hvc-6wx8-mvv4)
A vulnerability labeled as critical has been found in trailofbits fickling up to 0.1.6. Impacted is an unknown function of
CVE-2026-22609 | trailofbits fickling up to 0.1.6 unsafe_imports incomplete blacklist (GHSA-q5qq-mvfm-j35x)
A vulnerability marked as critical has been reported in trailofbits fickling up to 0.1.6. The affected element is the function
CVE-2026-22589 | Spree up to 4.10.1/5.0.6/5.1.8/5.2.4 authorization (GHSA-3ghg-3787-w2xr)
A vulnerability described as problematic has been identified in Spree up to 4.10.1/5.0.6/5.1.8/5.2.4. The impacted element is an unknown function.
CVE-2026-22691 | py-pdf pypdf up to 6.5.x PDF File Parser redos (GHSA-4f6g-68pf-7vhv)
A vulnerability classified as problematic has been found in py-pdf pypdf up to 6.5.x. This affects an unknown function of
CVE-2026-22612 | trailofbits fickling up to 0.1.6 deserialization (GHSA-h4rm-mm56-xf63)
A vulnerability classified as critical was found in trailofbits fickling up to 0.1.6. This impacts an unknown function. Such manipulation
CVE-2026-22702 | pypa virtualenv up to 20.36.0 app_data/lock link following (GHSA-597g-3phw-6986)
A vulnerability, which was classified as critical, has been found in pypa virtualenv up to 20.36.0. Affected is the function
CVE-2026-22701 | tox-dev filelock up to 3.20.2 on Python File Creation _acquire link following (GHSA-qmgc-5h2g-mvrw)
A vulnerability, which was classified as critical, was found in tox-dev filelock up to 3.20.2 on Python. Affected by this
CVE-2026-22697 | NASA CryptoLib up to 1.4.2 Link Security Protocol len_data_out heap-based overflow (GHSA-qjx3-83jh-2jc4)
A vulnerability has been found in NASA CryptoLib up to 1.4.2 and classified as critical. Affected by this issue is
CVE-2026-22603 | opf openproject up to 16.6.1 /account/change_password excessive authentication (GHSA-93×5-prx9-x239)
A vulnerability was found in opf openproject up to 16.6.1 and classified as problematic. This affects an unknown part of
CVE-2026-22700 | RustCrypto elliptic-curves 0.14.0-pre.0/0.14.0-rc.0 decrypt denial of service (GHSA-j9xq-69pf-pcm8)
A vulnerability was found in RustCrypto elliptic-curves 0.14.0-pre.0/0.14.0-rc.0. It has been classified as problematic. This vulnerability affects the function decrypt.
CVE-2026-22704 | HAX CMS up to 24.x cross site scripting (GHSA-3fm2-xfq7-7778)
A vulnerability was found in HAX CMS up to 24.x. It has been declared as problematic. This issue affects some
CVE-2026-22026 | NASA CryptoLib up to 1.4.2 Link Security Protocol write_callback memory allocation (GHSA-w9cm-q69w-34×7)
A vulnerability was found in NASA CryptoLib up to 1.4.2. It has been rated as problematic. Impacted is the function
SUSE: libheif Moderate Heap Buffer Over-Read Fix CVE-2025-68431
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
SUSE: Kernel Important Security Update 2026:20015-1 CVE-2025-40131
An update that solves 100 vulnerabilities, contains five features and has 19 fixes can now be installed.LinuxSecurity – Security AdvisoriesRead
SUSE Linux 16.0 fontforge Low Risk Memory Leak Fix 2026:20016-1
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
SUSE: libjpeg62 Critical Buffer Overflow Vulnerability 2026:0120-1
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
SUSE Advisory 2026:0086-1 for Moderate Heap Overflow in php8 CVE-2025-14177
An update that solves three vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE: Chromium Important Insufficient Policy Enforcement CVE-2026-0628
An update that fixes one vulnerability is now available.LinuxSecurity – Security AdvisoriesRead More
openSUSE: gdk-pixbuf-loader-webp Moderate Risk CVE-2025-76432
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
Fedora 43: python3.12 Important Denial of Service Fix CVE-2025-12084
Security fix for CVE-2025-12084 Require at least the same expat version as used during the build timeLinuxSecurity – Security AdvisoriesRead
openSUSE: patch Moderate Upgrade addressing 5 Security Flaws 2026:20018-2
An update that solves 5 vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE: traefik Moderate Security Advisory for 2026:10020-1
An update that solves 2 vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE: GIMP Moderate Security Patch 2026:10018-1 CVE-2025-15059
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE Tumbleweed: ChromeDriver Moderate Security Fix CVE-2026-0628
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
CVE-2025-51626 | pss.sale.com 1.0 cancel_order.php ID sql injection
A vulnerability was found in pss.sale.com 1.0 and classified as critical. The impacted element is an unknown function of the
CVE-2025-67810 | Area9 Rhapsode up to 1.47.3 POST Request operation/url/filename information disclosure
A vulnerability was found in Area9 Rhapsode up to 1.47.3. It has been classified as problematic. This affects an unknown
CVE-2025-67811 | Area9 Rhapsode up to 1.47.3 API Endpoint sql injection
A vulnerability was found in Area9 Rhapsode up to 1.47.3. It has been declared as critical. This impacts an unknown
CVE-2025-46299 | Apple tvOS/Safari/iOS/iPadOS/visionOS/macOS/watchOS up to 26.1 Web initialization
A vulnerability was found in Apple tvOS, Safari, iOS, iPadOS, visionOS, macOS and watchOS up to 26.1. It has been
CVE-2026-0830 | Amazon AWS Kiro IDE up to 0.6.17 Workspace Folder Name os command injection
A vulnerability categorized as critical has been discovered in Amazon AWS Kiro IDE up to 0.6.17. Affected by this vulnerability
CVE-2025-46286 | Apple iOS/iPadOS up to 26.1 Backup Restore improper authentication
A vulnerability identified as critical has been detected in Apple iOS and iPadOS up to 26.1. Affected by this issue
CVE-2025-46298 | Apple tvOS/Safari/iOS/iPadOS/visionOS/macOS/watchOS up to 26.1 Web memory corruption
A vulnerability labeled as critical has been found in Apple tvOS, Safari, iOS, iPadOS, visionOS, macOS and watchOS up to
CVE-2025-62487 | Palantir com.palantir.acme:gotham-default-apps-bundle prior 100.30251002.0 authorization
A vulnerability marked as problematic has been reported in Palantir com.palantir.acme:gotham-default-apps-bundle, com.palantir.acme:stencil-app-bundle and com.palantir.acme:dossier-app. This vulnerability affects unknown code. Performing
CVE-2025-60538 | shiori up to 1.7.4 excessive authentication (ID 1138)
A vulnerability described as problematic has been identified in shiori up to 1.7.4. This issue affects some unknown processing. Executing
CVE-2025-66715 | ODISSAAS ODIS 1.8.4 uncontrolled search path
A vulnerability classified as problematic has been found in ODISSAAS ODIS 1.8.4. Impacted is an unknown function. The manipulation leads
CVE-2025-46297 | Apple macOS up to 26.1 App Sandbox Container permission
A vulnerability classified as critical was found in Apple macOS up to 26.1. The affected element is an unknown function
CVE-2025-14943 | Blog2Social Plugin up to 8.7.2 on WordPress getShipItemFullText information disclosure
A vulnerability, which was classified as problematic, has been found in Blog2Social Plugin up to 8.7.2 on WordPress. The impacted
CVE-2025-14948 | miniOrange OTP Verification and SMS Notification for WooCommerce Plugin Setting enable_wc_sms_notification authorization
A vulnerability, which was classified as problematic, was found in miniOrange OTP Verification and SMS Notification for WooCommerce Plugin up
CVE-2026-0831 | Templately Plugin up to 3.4.8 on WordPress JSON File save_template_to_file session_id/content_id/ai_page_ids improper authentication
A vulnerability has been found in Templately Plugin up to 3.4.8 on WordPress and classified as critical. This impacts the
CVE-2025-14976 | User Registration & Membership Plugin up to 4.4.8 on WordPress Post process_row_actions cross-site request forgery
A vulnerability was found in User Registration & Membership Plugin up to 4.4.8 on WordPress and classified as problematic. Affected
CVE-2026-22606 | trailofbits fickling 0.1.6 run_path/runpy.run_module deserialization
A vulnerability was found in trailofbits fickling 0.1.6. It has been classified as critical. Affected by this vulnerability is the
CVE-2025-15504 | lief-project LIEF up to 0.17.1 ELF Binary Parser src/ELF/Parser.tcc Parser::parse_binary null pointer dereference (Issue 1277)
A vulnerability was found in lief-project LIEF up to 0.17.1. It has been declared as problematic. Affected by this issue
CVE-2026-22584 | Salesforce Uni2TS up to 1.2.0 Executable File code injection
A vulnerability was found in Salesforce Uni2TS up to 1.2.0. It has been rated as critical. This affects an unknown
CVE-2025-15035 | TP-Link Archer AXE75 up to 1.6 Build 20250107 VPN Module denial of service (PANW-2025-0004)
A vulnerability categorized as problematic has been discovered in TP-Link Archer AXE75 up to 1.6 Build 20250107. This affects an
CVE-2025-66744 | Yonyou YonBIP up to v3 LoginWithV8 Interface path traversal
A vulnerability identified as critical has been detected in Yonyou YonBIP up to v3. This impacts an unknown function of
CVE-2026-0773 | Upsonic Cloudpickle deserialization
A vulnerability labeled as very critical has been found in Upsonic. Affected is an unknown function of the component Cloudpickle.
CVE-2026-0774 | WatchYourLAN Configuration Page argument injection
A vulnerability marked as critical has been reported in WatchYourLAN. Affected by this vulnerability is an unknown functionality of the
CVE-2026-0776 | Discord uncontrolled search path
A vulnerability described as problematic has been identified in Discord. Affected by this issue is some unknown functionality. Such manipulation
CVE-2026-0778 | Enel X JuiceBox 40 Telnet Service missing authentication
A vulnerability classified as critical has been found in Enel X JuiceBox 40. This affects an unknown part of the
CVE-2026-0821 | quickjs-ng quickjs up to 0.11.0 quickjs.c js_typed_array_constructor heap-based overflow (Issue 1296)
A vulnerability classified as critical was found in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of
CVE-2026-0822 | quickjs-ng quickjs up to 0.11.0 quickjs.c js_typed_array_sort heap-based overflow (Issue 1297)
A vulnerability, which was classified as critical, has been found in quickjs-ng quickjs up to 0.11.0. This issue affects the
CVE-2026-0824 | questdb ui up to 1.11.9 Web Console cross site scripting
A vulnerability, which was classified as problematic, was found in questdb ui up to 1.11.9. Impacted is an unknown function
CVE-2025-67070 | Intelbras CFTV IP NVD 9032 R Ftd 2.800.00IB00C.0.T Multi-Factor Authentication improper authorization
A vulnerability has been found in Intelbras CFTV IP NVD 9032 R Ftd 2.800.00IB00C.0.T and classified as critical. The affected
CVE-2026-22196 | GestSup up to 3.2.56 Ticket Creation sql injection
A vulnerability classified as critical was found in GestSup up to 3.2.56. This affects an unknown part of the component
CVE-2026-22197 | GestSup up to 3.2.56 Request Parameter sql injection
A vulnerability, which was classified as critical, has been found in GestSup up to 3.2.56. This vulnerability affects unknown code
CVE-2025-69426 | RUCKUS vRIoT IOT Controller up to 2.x SSH Service permission assignment
A vulnerability, which was classified as very critical, was found in RUCKUS vRIoT IOT Controller up to 2.x. This issue
CVE-2026-22194 | GestSup up to 3.2.56 Administrative User Creation Endpoint cross-site request forgery
A vulnerability has been found in GestSup up to 3.2.56 and classified as problematic. Impacted is an unknown function of
CVE-2025-13457 | WooCommerce Square Plugin up to 5.1.1 on WordPress get_token_by_id resource injection
A vulnerability was found in WooCommerce Square Plugin up to 5.1.1 on WordPress and classified as problematic. The affected element
CVE-2026-0779 | ALGO 8180 IP Audio Alerter Ping command injection
A vulnerability was found in ALGO 8180 IP Audio Alerter. It has been classified as critical. The impacted element is
CVE-2026-0780 | ALGO 8180 IP Audio Alerter Web UI command injection
A vulnerability was found in ALGO 8180 IP Audio Alerter. It has been declared as critical. This affects an unknown
CVE-2026-0781 | ALGO 8180 IP Audio Alerter Web UI command injection
A vulnerability was found in ALGO 8180 IP Audio Alerter. It has been rated as critical. This impacts an unknown
CVE-2026-0782 | ALGO 8180 IP Audio Alerter Web UI command injection
A vulnerability categorized as critical has been discovered in ALGO 8180 IP Audio Alerter. Affected is an unknown function of
CVE-2026-0783 | ALGO 8180 IP Audio Alerter Web UI command injection
A vulnerability identified as critical has been detected in ALGO 8180 IP Audio Alerter. Affected by this vulnerability is an
CVE-2026-0784 | ALGO 8180 IP Audio Alerter Web UI command injection
A vulnerability labeled as critical has been found in ALGO 8180 IP Audio Alerter. Affected by this issue is some
CVE-2026-0785 | ALGO 8180 IP Audio Alerter API command injection
A vulnerability marked as critical has been reported in ALGO 8180 IP Audio Alerter. This affects an unknown part of
CVE-2026-0786 | ALGO 8180 IP Audio Alerter SCI command injection
A vulnerability described as critical has been identified in ALGO 8180 IP Audio Alerter. This vulnerability affects unknown code of
CVE-2026-0787 | ALGO 8180 IP Audio Alerter SAC command injection
A vulnerability classified as critical has been found in ALGO 8180 IP Audio Alerter. This issue affects some unknown processing