
33 matches found

EUVD
added 2026/06/02 7:9 p.m., 7 views

EUVD-2026-34016

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.add_content_type_param/2. Tesla.Multipart.add_content_type_param/2 appends caller-supplied strings to the multipart...

CVSS 2.1, AI score 5.9, EPSS 0.00028
Exploits 0, References 4

EUVD
added 2026/06/02 7:8 p.m., 7 views

EUVD-2026-34014

Improper Handling of Case Sensitivity vulnerability in elixir-tesla tesla allows credential leakage to a third-party origin on cross-origin redirects. Tesla.Middleware.FollowRedirects strips security-sensitive headers on cross-origin redirects using a case-sensitive string comparison against a...

CVSS 8.2, AI score 5.8, EPSS 0.00056
Exploits 2, References 4

CVE
added 2026/05/29 5:10 p.m., 13 views

CVE-2026-45626

Summary: CVE-2026-45626 (Arcane) enables OS command injection via the volume browser’s path parameter. Affected: Arcane’s browse API (GET /environments/{id}/volumes/{volumeName}/browse) in 1.18.1 and earlier. Root cause: the path sanitiser only blocks ../ traversal and does not strip Bourne-shell...

CVSS 6.3, AI score 6, EPSS 0.00116
Exploits 0, References 1

Vulnrichment
added 2026/05/14 10:29 a.m., 7 views

CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':read_part_headers/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

CVSS 8.2, AI score 6, EPSS 0.00269
Exploits 0, References 9

OSV
added 2026/04/06 2:50 a.m., 0 views

CLEANSTART-2026-SQ68600 Security fixes for CVE-2023-45288, CVE-2024-24786, CVE-2024-45338, CVE-2025-22868, CVE-2025-22869, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2025-65637, ghsa-4f99-4q7p-p3gh, ghsa-4v7x-pqxf-cx7m, ghsa-6v2p-p543-phr9, ghsa-8r3f-844c-mc37, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-q754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-qxp5-gwg8-xv66, ghsa-v778-237x-gjrc, ghsa-vvgc-356p-c3xw applied in versions: 1.18.2-r0

Multiple security vulnerabilities affect the kube-fluentd-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 7.5, AI score 7.1, EPSS 0.64852
Exploits 4, References 35

RedhatCVE
added 2026/04/03 5:8 a.m., 2 views

CVE-2026-26895

User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform...

CVSS 5.3, AI score 5.9, EPSS 0.00072
Exploits 1, References 1

EUVD
added 2026/04/02 6:31 p.m., 1 views

EUVD-2026-18366

User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform...

CVSS 5.3, AI score 5.9, EPSS 0.00072
Exploits 1, References 3

Cvelist
added 2026/04/02 12:0 a.m., 17 views

CVE-2026-26895

User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform...

EPSS 0.00072
Exploits 1, References 2

CVE
added 2026/04/02 12:0 a.m., 6 views

CVE-2026-26895

The CVE describes a user enumeration vulnerability in osTicket 1.18.2 exposed via /pwreset.php, allowing remote attackers to determine valid usernames registered on the platform. The connected records confirm the affected product/version and the relevant endpoint, but do not provide exploitation ...

CVSS 5.3, AI score 5.9, EPSS 0.00072
Exploits 1, References 2, Affected Software 1

CNNVD
added 2026/04/02 12:0 a.m., 4 views

osTicket Security Vulnerability

osTicket is a widely used and trusted open-source support ticket system by the osTicket company. Version 1.18.2 of osTicket contains a security vulnerability. This vulnerability stems from a user enumeration issue in the pwreset.php file, which could allow remote attackers to enumerate valid...

CVSS 5.3, AI score 5.8, EPSS 0.00072
Exploits 1, References 2

Positive Technologies
added 2026/04/02 12:0 a.m., 3 views

PT-2026-29802

User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform...

AI score 5.9, EPSS 0.00072
Exploits 1, References 3

Rosalinux
added 2026/02/16 10:56 a.m., 6 views

Advisory ROSA-SA-2026-3173

Software: libtomcrypt 1.18.2 OS: ROSA Virtualization 3.0 unaffected versions = libtomcrypt-1.18.2-5.0.1.rv30 affected versions libtomcrypt-1.18.2-5.0.1.rv30 CVE-ID: CVE-2019-17362 BDU-ID: 2025-16070 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the der_decode_utf8_string function of the...

CVSS 9.1, AI score 7.2, EPSS 0.00473
Exploits 1

Tenable Nessus
added 2026/01/13 12:0 a.m., 2 views

MiracleLinux 8 : krb5-1.18.2-31.el8_10 (AXSA:2025-9772:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9772:02 advisory. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over th...

CVSS 7.1, AI score 7.1, EPSS 0.00206
Exploits 0, References 2

NVD
added 2026/01/12 7:16 p.m., 4 views

CVE-2026-22200

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...

CVSS 8.7, EPSS 0.74425
Exploits 3, References 5

Cvelist
added 2026/01/12 6:34 p.m., 22 views

CVE-2026-22200 osTicket (1.18.x < 1.18.3, 1.17.x < 1.17.7) PDF Export Arbitrary File Read

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...

CVSS 8.7, EPSS 0.74425
Exploits 3, References 5

CNNVD
added 2026/01/12 12:0 a.m., 4 views

Enhancesoft osTicket Injection Vulnerability

Enhancesoft osTicket is an open source ticketing system from Enhancesoft, Inc. in the United States. An injection vulnerability exists in Enhancesoft osTicket 1.18.2 and earlier versions, which stems from the presence of arbitrary file reads in the ticket PDF export function, which could lead to ...

CVSS 8.7, AI score 6.9, EPSS 0.74425
Exploits 3, References 6

Positive Technologies
added 2026/01/12 12:0 a.m., 12 views

PT-2026-2291

Name of the Vulnerable Software and Affected Versions osTicket versions 1.17.x prior to 1.17.7 and 1.18.x prior to 1.18.3 Description osTicket versions 1.17.x prior to 1.17.7 and 1.18.x prior to 1.18.3 contain an arbitrary file read issue in the ticket PDF export functionality. An attacker can...

CVSS 8.7, AI score 6.1, EPSS 0.74425
Exploits 3, References 36

Patchstack
added 2025/12/12 10:5 p.m., 3 views

WordPress Custom Post Type UI plugin <= 1.18.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'label' Import Parameter vulnerability

Authenticated (Administrator+) Stored Cross-Site Scripting via 'label' Import Parameter vulnerability discovered by type5afe in WordPress Plugin Custom Post Type UI versions <= 1.18.1...

CVSS 4.4, AI score 5.5, EPSS 0.00026
Exploits 0, References 1, Affected Software 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-19347

Malicious code in bioql PyPI...

CVSS 6.4, AI score 6.4, EPSS 0.00164
Exploits 0, References 2

Tenable Nessus
added 2025/10/03 12:0 a.m., 3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cairo (SUSE-SU-2025:03449-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03449-1 advisory. - CVE-2025-50422: Fixed Poppler crash on malformed input bsc1247589 - Update to version 1.18.4: - The...

CVSS 2.9, AI score 5.6, EPSS 0.00102
Exploits 0, References 4