
264 matches found

NVD
added 2026/05/22 10:16 p.m., 10 views

CVE-2026-41073

RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet CSV/formula injection vulnerability. User-controlled data in spreadsheet exports is not sanitized before being written to the output file, which can caus...

CVSS 4.6, EPSS 0.00029
Exploits 0, References 3

NVD
added 2026/05/22 10:16 p.m., 8 views

CVE-2026-41075

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing th...

CVSS 8.8, EPSS 0.00032
Exploits 0, References 3

CVE
added 2026/05/22 9:12 p.m., 18 views

CVE-2026-41074

CVE-2026-41074 affects RT (Resource Tracker) versions 6.0.0–6.0.2, where a Cross-Site Request Forgery (CSRF) vulnerability exists. An attacker who lures a logged-in RT user to visit a malicious page can trigger arbitrary state-changing actions in RT on that user’s behalf. The issue is fixed in RT...

CVSS 7.1, AI score 5.9, EPSS 0.00016
Exploits 0, References 2

Vulnrichment
added 2026/05/22 9:10 p.m., 8 views

CVE-2026-41073 RT: Spreadsheet downloads vulnerable to CSV/formula injection in Microsoft Excel and similar apps

RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet CSV/formula injection vulnerability. User-controlled data in spreadsheet exports is not sanitized before being written to the output file, which can caus...

CVSS 4.6, AI score 5.7, EPSS 0.00029
Exploits 0, References 3

Positive Technologies
added 2026/05/04 12:0 a.m., 1 view

PT-2026-36803

Name of the Vulnerable Software and Affected Versions: Assimp versions prior to 6.0.3. Description: A buffer overflow exists in the FBX Importer. The issue occurs within the aiMaterial::AddBinaryProperty function, where a property key string from a specially crafted FBX file is copied into a...

CVSS 9.8, AI score 6, EPSS 0.00053
Exploits 0, References 9

Joomla! Vulnerable Extensions List
added 2026/03/16 12:0 a.m., 16 views

[20260305] - Core - Arbitrary file deletion in com_joomlaupdate

Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism...

CVSS 8.6, AI score 5.9, EPSS 0.00001
Exploits 0, Affected Software 1

Joomla! Vulnerable Extensions List
added 2026/03/10 12:0 a.m., 4 views

[20260304] - Core - XSS vectors in various article title outputs

Lack of output escaping for article titles leads to XSS vectors in various locations...

CVSS 8.4, AI score 5.8, EPSS 0.00002
Exploits 0, Affected Software 1

Joomla! Vulnerable Extensions List
added 2026/03/09 12:0 a.m., 8 views

[20260306] - Core - Improper access check in webservice endpoints

An improper access check allows unauthorized access to webservice endpoints...

CVSS 8.8, AI score 5.8, EPSS 0.00001
Exploits 0, Affected Software 1

OSV
added 2026/03/04 12:0 a.m., 1 view

OPENSUSE-SU-2026:10283-1 python313-Django6-6.0.3-1.1 on GA media

These are all security issues fixed in the python313-Django6-6.0.3-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 3.7, AI score 5.8, EPSS 0.0001
Exploits 0, References 1

OSV
added 2026/02/12 12:0 a.m., 1 view

OPENSUSE-SU-2026:10189-1 libowncloudsync-devel-6.0.3-1.1 on GA media

These are all security issues fixed in the libowncloudsync-devel-6.0.3-1.1 package on the GA media of openSUSE Tumbleweed...

AI score 5.8
Exploits 0, References 1

Vulnrichment
added 2026/02/02 6:37 a.m., 4 views

CVE-2026-22888

Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product...

CVSS 6.9, AI score 5.3, EPSS 0.00019
Exploits 0, References 2

EUVD
added 2026/02/02 6:37 a.m., 0 views

EUVD-2026-5120

Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords...

CVSS 6.8, AI score 5.4, EPSS 0.00012
Exploits 0, References 2

Vulnrichment
added 2026/02/02 6:37 a.m., 2 views

CVE-2026-22881

Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords...

CVSS 6.8, AI score 5.4, EPSS 0.00012
Exploits 0, References 2

CNNVD
added 2026/02/02 12:0 a.m., 3 views

Cybozu Garoon cross-site scripting vulnerability

Cybozu Garoon is a portal-based OA office system developed by Cybozu. This system provides functions such as portals, email, bookmarks, calendar management, bulletin boards, and file management. Versions of Cybozu Garoon from 5.15.0 to 6.0.3 had a cross-site scripting vulnerability. This...

CVSS 6.8, AI score 6.3, EPSS 0.00012
Exploits 0, References 3

Positive Technologies
added 2026/02/02 12:0 a.m., 3 views

PT-2026-5616

Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords...

CVSS 6.8, AI score 5.4, EPSS 0.00012
Exploits 0, References 3

NVD
added 2026/01/07 12:17 p.m., 3 views

CVE-2025-69082

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frenify Arlo arlo allows Reflected XSS. This issue affects Arlo: from n/a through 6.0.3...

CVSS 7.1, EPSS 0.00064
Exploits 0, References 1

CNNVD
added 2026/01/07 12:0 a.m., 2 views

WordPress plugin Arlo cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...

CVSS 7.1, AI score 6, EPSS 0.00064
Exploits 0, References 1

Positive Technologies
added 2026/01/07 12:0 a.m., 1 view

PT-2026-1647

Name of the Vulnerable Software and Affected Versions: Frenify Arlo versions through 6.0.3. Description: A flaw exists in Frenify Arlo that allows for Reflected Cross-site Scripting (XSS). This issue arises from improper input validation during web page generation. The vulnerability could potentially...

CVSS 7.1, AI score 6.2, EPSS 0.00064
Exploits 0, References 3

RedhatCVE
added 2025/12/09 8:27 a.m., 1 view

CVE-2025-66511

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

CVSS 6.5, AI score 6.7, EPSS 0.00023
Exploits 0, References 1

EUVD
added 2025/12/05 4:42 p.m., 1 view

EUVD-2025-201444

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 6.0.3, the Calendar app generates participant tokens for meeting proposals using a hash function, allowing an attacker to compute valid participant tokens, which allowed them to request details and submit dates in meeting proposals. The...

CVSS 4.8, AI score 6.2, EPSS 0.00023
Exploits 0, References 4