ServiceNow - Cross-Site Scripting
ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript. id: CVE-2022-38463 info: name: ServiceNow - Cross-Site Scripting author: amanrawat...
VMware VRealize Network Insight - Remote Code Execution
VMware Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the ro...
Intel Active Management - Authentication Bypass
Intel Active Management platforms are susceptible to authentication bypass. A non-privileged network attacker can gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability. A non-privileged local attacker can provision...
NPM: protobufjs : Schema-derived names can shadow runtime-significant properties
NPM: protobufjs : Schema-derived names can shadow runtime-significant properties vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.6.2...
CVE-2026-53726 Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.80 and 9.9.1-alpha.6, a relation query using the $relatedTo operator could read the membership of a Relation field even when that field was hidden from the requesting clie...
PT-2026-48962
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.80 Parse Server versions prior to 9.9.1-alpha.6 Description A relation query using the $relatedTo operator allows an unauthenticated client to read the membership of a Relation field. This occurs even if the...
CVE-2026-40884
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does not install any SFTP...
CVE-2026-41257 affecting package jq for versions less than 1.7.1-6
CVE-2026-41257 affecting package jq for versions less than 1.7.1-6. A patched version of the package is available...
CVE-2026-40612 affecting package jq for versions less than 1.7.1-6
CVE-2026-40612 affecting package jq for versions less than 1.7.1-6. A patched version of the package is available...
CVE-2026-44777 affecting package jq for versions less than 1.7.1-6
CVE-2026-44777 affecting package jq for versions less than 1.7.1-6. A patched version of the package is available...
CVE-2026-35193 Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...
CVE-2026-7374 affecting package kubevirt for versions less than 1.7.1-6
CVE-2026-7374 affecting package kubevirt for versions less than 1.7.1-6. A patched version of the package is available...
CVE-2026-42506 affecting package sriov-network-device-plugin for versions less than 3.7.0-6
CVE-2026-42506 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...
CVE-2026-42502 affecting package sriov-network-device-plugin for versions less than 3.7.0-6
CVE-2026-42502 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...
CVE-2026-27136 affecting package sriov-network-device-plugin for versions less than 3.7.0-6
CVE-2026-27136 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...
CVE-2026-25681 affecting package sriov-network-device-plugin for versions less than 3.7.0-6
CVE-2026-25681 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...
CVE-2026-39821 affecting package sriov-network-device-plugin for versions less than 3.7.0-6
CVE-2026-39821 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...
CVE-2026-25680 affecting package sriov-network-device-plugin for versions less than 3.7.0-6
CVE-2026-25680 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...
SUSE-SU-2026:21926-1 Security update for the Linux Kernel RT (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues. The following security issues were fixed: - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264096. - CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write bsc1259798. - CVE-2026-23274:...
CVE-2026-42502 affecting package cri-tools for versions less than 1.32.0-6
CVE-2026-42502 affecting package cri-tools for versions less than 1.32.0-6. A patched version of the package is available...