27516 matches found

Nuclei
added yesterday, 61 views

GitLab CE/EE - Information Disclosure

GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5,...

CVSS 10 | AI score 7.6 | EPSS 0.13227
Exploits: 0 | References: 5

Nuclei
added yesterday, 33 views

Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection

Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30,...

CVSS 6.5 | AI score 7 | EPSS 0.10695
Exploits: 0 | References: 5

Nuclei
added yesterday, 20 views

LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 5.7. id: CVE-2023-40000 info: name: LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS...

CVSS 8.3 | AI score 7.1 | EPSS 0.54872
Exploits: 5 | References: 3

CVE
added 2 days ago, 15 views

CVE-2026-10643

Zephyr CVE-2026-10643 affects the IP socket recvmsg() ancillary-data path (insert_pktinfo in subsys/net/lib/sockets/sockets_inet.c). A check only compared msg_controllen to pktinfo_len, omitting the cmsg header size, allowing an under-checked window (e.g., 16–27 bytes for IPv4 IP_PKTINFO on a 64‑...

CVSS 8.7 | AI score 6 | EPSS 0.00117
Exploits: 0 | References: 1

EUVD
added 3 days ago, 15 views

EUVD-2026-31694

Hackney has unbounded buffer accumulation in WebSocket...

CVSS 8.7 | AI score 5.9 | EPSS 0.00825
Exploits: 1 | References: 5

EUVD
added 3 days ago, 11 views

EUVD-2026-31685

Hackney: ssl:connect/2 post-handshake upgrade has no timeout...

CVSS 8.2 | AI score 5.8 | EPSS 0.00703
Exploits: 1 | References: 5

NVD
added 3 days ago, 7 views

CVE-2026-47692

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header generator emits TLVs beyond the maximum length of 65535 bytes, causing a mismatch between bytes written and the length field in th...

CVSS 4.8 | EPSS 0.00218
Exploits: 0 | References: 1

CVE
added 3 days ago, 8 views

CVE-2026-47692

Envoy vulnerability CVE-2026-47692: PROXY Protocol v2 header generator can emit TLVs beyond the maximum 65535-byte length, causing a mismatch between bytes written and the length field and potentially smuggling bytes upstream. Affected versions: 1.34.0 through 1.35.13, 1.36.9, 1.37.5, and 1.38.3....

CVSS 4.8 | AI score 5.8 | EPSS 0.00218
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 3 days ago, 10 views

CVE-2026-47207

CVE-2026-47207: Envoy crashes when an ext_proc server sends a single gRPC message containing multiple ProcessingResponse messages, leading to a use-after-free during processing of subsequent responses. Affected: Envoy versions 1.34.0 through 1.35.12 (as 1.35.13 fixes the issue) and 1.36.0–1.36.8...

CVSS 6.5 | AI score 5.7 | EPSS 0.00444
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 3 days ago, 32 views

CVE-2026-48044 Envoy Zstd Decompressor: Ratio Check at Wrong Loop Depth leads to memory explosion

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...

CVSS 7.5 | EPSS 0.0046
Exploits: 0 | References: 1

EUVD
added 3 days ago, 5 views

EUVD-2026-39808

Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an...

CVSS 5.3 | AI score 5.8 | EPSS 0.00317
Exploits: 1 | References: 2

EUVD
added 3 days ago, 5 views

EUVD-2025-210349

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 2.0.0 before 2.0.6, from 1.0.0 before 1.3.6. Users are recommended to upgrade to version 1.3.6 and 2.0.6, which fixes the issue...

CVSS 9.1 | AI score 5.7 | EPSS 0.00382
Exploits: 0 | References: 3

Cvelist
added 3 days ago, 31 views

CVE-2026-57661 WordPress WPComplete plugin <= 2.9.5.5 - Broken Access Control vulnerability

Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions...

CVSS 5.4 | EPSS 0.00223
Exploits: 0 | References: 1

EUVD
added 3 days ago, 4 views

EUVD-2026-39752

Contributor SQL Injection in wpForo Forum = 3.0.9 versions...

CVSS 8.5 | AI score 5.8 | EPSS 0.00211
Exploits: 0 | References: 1

Cvelist
added 3 days ago, 30 views

CVE-2026-3472 Markdown image rendering bypass in AI bot tool result posts in Mattermost

Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into to...

CVSS 3.5 | EPSS 0.0019
Exploits: 0 | References: 1

CVE
added 3 days ago, 6 views

CVE-2025-64152

CVE-2025-64152 describes a Path Traversal vulnerability in Apache IoTDB. Affected versions are IoTDB 1.0.0 up to but not including 1.3.6, and 2.0.0 up to but not including 2.0.7. The issue arises from improper limitation of a pathname to a restricted directory. Remediation recommended by the sour...

CVSS 9.1 | AI score 5.7 | EPSS 0.00382
Exploits: 0 | References: 2

IBM Security Bulletins
added 3 days ago, 8 views

Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server Liberty affect IBM Cloud Pak System [CVE-2024-56339, CVE-2023-50314]

Summary: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Cloud Pak System. Vulnerability Details: CVEID: CVE-2024-56339. DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass...

CVSS 7.5 | AI score 6.8 | EPSS 0.00373
Exploits: 0 | Affected Software: 2

AlpineLinux
added 3 days ago, 8 views

CVE-2026-48930

A flaw in Node.js TLS hostname handling means that embedded-NUL hostnames can lead to silent authority rebinding due to C-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 9.8 | AI score 6.6 | EPSS 0.0038
Exploits: 0

Debian CVE
added 3 days ago, 8 views

CVE-2026-48935

A flaw in the Node.js Permission API can cause file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 3.3 | AI score 6.4 | EPSS 0.00149
Exploits: 0

EUVD
added 3 days ago, 3 views

EUVD-2025-210341

Flowise before 3.0.10 (affected versions 3.0.7 and earlier) fails to invalidate existing sessions and session tokens after a user changes their password. An attacker who already holds an active session, for example via a stolen session token or a device left logged in, remains authenticated as the...

CVSS 8.6 | AI score 5.9 | EPSS 0.00258
Exploits: 0 | References: 3