EUVD-2026-35147

In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When devicepropertyreadstring fails, str is left uninitialized but the code falls through to strcmpstr, ..., dereferencing a garbage pointer. Replace manual read/strcm...

EUVD-2026-35090

A path handling issue in moddavfs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

CVE-2026-46282

CVE-2026-46282 affects the Linux kernel IIO: frequency driver for admv1013. The root cause was a NULL/garbage pointer dereference when device_property_read_string() fails, leading to a dereference in strcmp. The fix consolidates the SE mode enums into a single sequential enum and replaces the man...

CVE-2026-46282

In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When devicepropertyreadstring fails, str is left uninitialized but the code falls through to strcmpstr, ..., dereferencing a garbage pointer. Replace manual read/strcm...

Security Bulletin: IBM SPSS Modeler is affected by Improper Access Control vulnerability in Apache Commons

Summary IBM SPSS Modeler is affected by Improper Access Control vulnerability in Apache Commons. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class wa...

CVE-2026-42535

A path handling issue in moddavfs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

CVE-2026-46282

In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When devicepropertyreadstring fails, str is left uninitialized but the code falls through to strcmpstr, ..., dereferencing a garbage pointer. Replace manual read/strcm...

CVE-2026-42535

A path handling issue in moddavfs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

Joomla! Component Property - Local File Inclusion

A directory traversal vulnerability in the Real Estate Property comproperties component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1875 info: name: Joomla...

PT-2026-47319

A path handling issue in mod dav fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

PT-2026-47354

In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When device property read string fails, str is left uninitialized but the code falls through to strcmpstr, ..., dereferencing a garbage pointer. Replace manual...

Fedora 44 : libinput (2026-5e2446b30f)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5e2446b30f advisory. libinput 1.31.3, fixes a udev property inject via uinput devices that can lead to local privilege escalation Tenable has extracted the preceding description...

CVE-2026-46721

The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to...

CVE-2026-39412

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4, the sortnatural filter bypasses the ownPropertyOnly security option, allowing template authors to extract values of prototype-inherited properties through a sorting side-channel attack...

CVE-2026-34311

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications component: Opera. Supported versions that are affected are 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6 and 5.6.28. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVE-2026-41502

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an off-by-one out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service decoder allows unauthenticated remote attackers to read one byte past an allocated buffer boundary by...

CVE-2026-42762

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows DOM-Based XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through = 1.8.9...

CVE-2026-42683

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...

CVE-2026-42729

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Property Hive PropertyHive propertyhive allows DOM-Based XSS.This issue affects PropertyHive: from n/a through = 2.2.2...

CVE-2026-39326

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyTypeEditor.php in ChurchCRM. Authenticated users with the role isMenuOptionsEnabled can inject arbitrary SQL statements through the Name and Description paramete...