PT-2026-25706

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

PT-2026-25756

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

EulerOS Virtualization 2.12.1 : mod_http2 (EulerOS-SA-2026-1444)

According to the versions of the modhttp2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In certain proxy configurations, a denial of service attack againstApache HTTP Server versions 2.4.26 through to 2.4.63 can be...

Huawei EulerOS: Security Advisory for mod_http2 (EulerOS-SA-2026-1501)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EUVD-2026-11758

The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: 1 a non-user-bound publicnonce is exposed to unauthenticated users...

EUVD-2026-11772

A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations...

CVE-2026-3999

CVE-2026-3999 describes a broken access control vulnerability that can enable an authenticated user to perform horizontal privilege escalation in certain configurations of the ID Server. The CVSS 4.0 metrics indicate high impact on confidentiality and integrity, with privilege level Low and no us...

CVE-2026-3999 Broken access control vulnerability affecting ID Server

A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations...

CVE-2026-3999

A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations...

CVE-2026-3999 Broken access control vulnerability affecting ID Server

A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations...

CVE-2026-3045 Appointment Booking Calendar <= 1.6.9.29 - Missing Authorization to Unauthenticated Sensitive Information Exposure via Settings REST API Endpoint

The Appointment Booking Calendar — Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to two compounding weaknesses: 1 a non-user-bound publicnonce is exposed to unauthenticated users...

PT-2026-25162

Name of the Vulnerable Software and Affected Versions Apache HTTP Server affected versions not specified Description A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The issue only impacts specific configurations. Recommendations At the moment,...

OneUptime 跨站脚本漏洞

OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.23 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Markdown viewer component rendering Mermaid...

OpenClaw Encryption Problem Vulnerability

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a cryptographic issue vulnerability that stems from the use of SHA-1 hashed Docker and browser sandbox configurations of the sandbox identifier cache key, which can be exploited by an attacker to enable...

CVE-2026-32126

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorizati...

CVE-2026-32126

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorizati...

EUVD-2026-11399

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorizati...

CVE-2026-1471

Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We...

CVE-2026-2917

The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the haduplicatething admin action handler. This is due to the canclone method only checking currentusercan'editposts' a general capability without...

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.1 contained security...