Lucene search

15 matches found

CVE
added 2026/05/20 7:34 p.m., 10 views

CVE-2026-39405

The vulnerability CVE-2026-39405 affects Frappe LMS. In versions 2.50.0 and earlier, a user with a course editing role could upload a SCORM ZIP package that allowed writing files outside the intended directory, constituting a path traversal risk. The issue has been fixed in version 2.50.1. The av...

CVSS 9.4, AI score 5.7, EPSS 0.00303
Exploits 0, References 2

EUVD
added 2026/05/20 7:34 p.m., 8 views

EUVD-2026-31177

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...

CVSS 9.4, AI score 5.7, EPSS 0.00303
Exploits 0, References 2

vulnersOsv
added 2026/03/04 9:31 a.m., 5 views

io.quarkiverse.artemis:quarkus-test-artemis (>=3.12.0 <=3.12.1.CR1), org.apache.artemis:apache-artemis (>=2.50.0 <=2.51.0) +26 more potentially affected by CVE-2026-27446 via org.apache.artemis:artemis-server (>=2.50.0 <=2.51.0)

org.apache.artemis:artemis-server MAVEN version =2.50.0, =3.12.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.50.0, =2.51.0 and more Source cves: CVE-2026-27446 Source advisory: SNYK:JAVA-ORGAPACHEARTEMIS-15423959...

CVSS 9.8, AI score 7.7, EPSS 0.08341
Exploits 1

NVD
added 2026/03/04 9:15 a.m., 9 views

CVE-2026-27446

Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rogue broker. This cou...

CVSS 9.8, EPSS 0.08341
Exploits 1, References 4

OpenVAS
added 2025/10/28 12:0 a.m., 1 views

Fedora: Security Advisory (FEDORA-2025-793513dcf7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 6.8
Exploits 0, References 2

Oracle linux
added 2025/10/20 12:0 a.m., 7 views

webkit2gtk3 security update

2.50.1-1 - Update to 2.50.1 2.50.0-1 - Update to 2.50.0...

CVSS 9.8, AI score 7, EPSS 0.0096
Exploits 0

Tenable Nessus
added 2025/10/14 12:0 a.m., 1 views

Oracle Linux 8 : webkit2gtk3 (ELSA-2025-17802)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-17802 advisory. 2.50.0-1 - Update to 2.50.0 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...

CVSS 9.8, AI score 6.8, EPSS 0.0096
Exploits 0, References 5

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-1144

Malicious code in bioql PyPI...

CVSS 8.1, AI score 7.9, EPSS 0.00456
Exploits 0, References 4

Tenable Nessus
added 2025/09/25 12:0 a.m., 2 views

Fedora 42 : webkitgtk (2025-fcc043d407)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-fcc043d407 advisory. Update to 2.50.0: Improved rendering performance by recording each layer once and replaying every dirty region in different worker threads. Enable...

CVSS 9.8, AI score 6.8, EPSS 0.0096
Exploits 0, References 5

OSV
added 2025/07/18 2:49 p.m., 2 views

OESA-2025-1849 git security update

Security Fixes: A vulnerability was found in Microsoft Visual Studio Programming Tool Software affected version not known. It has been classified as problematic. This is going to have an impact on confidentiality, integrity, and availability. Applying a patch is able to eliminate this problem. A...

CVSS 8.6, AI score 6.5, EPSS 0.00296
Exploits 0, References 4

Positive Technologies
added 2024/11/26 12:0 a.m., 4 views

PT-2024-35092 · Fides · Fides

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.50.0 Description: The user invite acceptance API endpoint /api/v1/user/accept-invite lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation...

CVSS 2, AI score 6.9, EPSS 0.00525
Exploits 0, References 6

NVD
added 2024/04/26 12:15 a.m., 15 views

CVE-2024-32868

ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such mechanism fo...

CVSS 8.1, AI score 6.5, EPSS 0.00456
Exploits 0, References 2

Vulnrichment
added 2024/04/25 11:53 p.m., 31 views

CVE-2024-32868 ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass

ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such mechanism fo...

CVSS 6.5, AI score 6.9, EPSS 0.00456
Exploits 0, References 2

Cvelist
added 2024/04/25 11:53 p.m., 20 views

CVE-2024-32868 ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass

ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a Lockout Policy with a maximum amount of failed password check attempts, there was no such mechanism fo...

CVSS 6.5, AI score 6.7, EPSS 0.00456
Exploits 0, References 2

Prion
added 2023/10/16 9:15 p.m., 18 views

Cross site request forgery (csrf)

Fiber is an Express-inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the...

CVSS 6.8, AI score 8.8, EPSS 0.00265
Exploits 0, References 1, Affected Software 1