Leantime < 2.4 - Authenticated SQL Injection

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

CVE-2026-8466 affecting package rabbitmq-server for versions less than 3.13.7-4

CVE-2026-8466 affecting package rabbitmq-server for versions less than 3.13.7-4. A patched version of the package is available...

PT-2026-45816

A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J Blu-ray Disc Java sandbox can be escaped through a malformed JAR file...

TencentOS Server 4: kernel (TSSA-2026:0409)

"The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0409 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilitie...

PT-2026-45963

These are all security issues fixed in the ffmpeg-4-4.4.7-3.1 package on the GA media of openSUSE Tumbleweed...

pgAdmin 4 - Authentication Bypass

pgAdmin 4 versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data. id: CVE-2024-9014 info: name: pgAdmin 4 - Authentication Bypass author...

CVE-2026-39821 affecting package prometheus-node-exporter for versions less than 1.7.0-4

CVE-2026-39821 affecting package prometheus-node-exporter for versions less than 1.7.0-4. A patched version of the package is available...

CVE-2026-25680 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-25680 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

CVE-2026-42506 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-42506 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

CVE-2026-27136 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-27136 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

CVE-2026-25681 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-25681 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

CVE-2026-42502 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-42502 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

CVE-2026-27136 affecting package cloud-provider-kubevirt for versions less than 0.5.1-4

CVE-2026-27136 affecting package cloud-provider-kubevirt for versions less than 0.5.1-4. A patched version of the package is available...

CVE-2026-39821 affecting package prometheus-process-exporter for versions less than 0.8.2-4

CVE-2026-39821 affecting package prometheus-process-exporter for versions less than 0.8.2-4. A patched version of the package is available...

CVE-2026-39821 affecting package jx for versions less than 3.10.182-4

CVE-2026-39821 affecting package jx for versions less than 3.10.182-4. A patched version of the package is available...

CVE-2026-42506 affecting package cloud-provider-kubevirt for versions less than 0.5.1-4

CVE-2026-42506 affecting package cloud-provider-kubevirt for versions less than 0.5.1-4. A patched version of the package is available...

CVE-2026-9256 affecting package nginx for versions less than 1.28.3-4

CVE-2026-9256 affecting package nginx for versions less than 1.28.3-4. A patched version of the package is available...

CVE-2026-39821 affecting package opa for versions less than 0.63.0-4

CVE-2026-39821 affecting package opa for versions less than 0.63.0-4. A patched version of the package is available...

CVE-2026-39821 affecting package cloud-provider-kubevirt for versions less than 0.5.1-4

CVE-2026-39821 affecting package cloud-provider-kubevirt for versions less than 0.5.1-4. A patched version of the package is available...

CVE-2026-46402

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled taskname value directly when constructing session log paths. An authenticated client can supply path traversal sequences in taskname and cause...