Lucene search

32 matches found

AlpineLinux
added 2026/04/07 9:13 p.m. | 2 views

CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can be bypassed by a client which...

CVSS 9.1 | AI score 5.3 | EPSS 0.00033
Exploits: 0

RedhatCVE
added 2026/03/26 3:10 p.m. | 1 view

CVE-2026-32757

Admidio is an open-source user management solution. In versions 5.0.6 and below, the eCard send handler uses a raw $_POST['ecardmessage'] value instead of the HTMLPurifier-sanitized $formValues['ecardmessage'] when constructing the greeting card HTML. This allows an authenticated attacker to inject...

CVSS 5.4 | AI score 5.8 | EPSS 0.00016
Exploits: 1 | References: 1

Cvelist
added 2026/02/25 2:43 a.m. | 17 views

CVE-2026-27626 OliveTin vulnerable to OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks

OliveTin gives access to predefined shell commands from a web interface. In versions up to and including 3000.10.0, OliveTin's shell mode safety check checkShellArgumentSafety blocks several dangerous argument types but not password. A user supplying a password-typed argument can inject shell...

CVSS 9.9 | EPSS 0.00178
Exploits: 1 | References: 1

IBM Security Bulletins
added 2026/02/24 4:55 p.m. | 4 views

Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925, CVE-2026-1188)

Summary: This bulletin for IBM Semeru Runtime covers all applicable Java SE CVEs published by OpenJDK as part of their January 2026 Vulnerability Advisory, plus CVE-2026-1188. For more information please refer to OpenJDK's January 2026 Vulnerability Advisory and the CVE links below. Vulnerability...

CVSS 9.8 | AI score 6.2 | EPSS 0.00089
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/01/26 3:4 p.m. | 5 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925)

Summary: This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their January 2026 Critical Patch Update. For more information please refer to Oracle's January 2026 CPU Advisory and the CVE links referenced below. Vulnerability Details...

CVSS 7.5 | AI score 6 | EPSS 0.00089
Exploits: 0 | Affected Software: 1

Positive Technologies
added 2026/01/24 12:0 a.m. | 2 views

PT-2026-4589

Name of the Vulnerable Software and Affected Versions: Allow HTML in Category Descriptions plugin for WordPress (affected versions not specified). Description: The “Allow HTML in Category Descriptions” plugin for WordPress has a flaw where it incorrectly removes security checks on input data...

CVSS 4.4 | AI score 5.2 | EPSS 0.00039
Exploits: 0 | References: 7

Snyk
added 2026/01/13 1:3 p.m. | 1 view

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the defVals parameter in the Edit Document Controller. An attacker can insert unauthorized data into restricted database fields by bypassing field-level access checks during record creation, provided the user...

CVSS 6.5 | AI score 6.8 | EPSS 0.00014
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2010-0070

Malware in sbrugna...

CVSS 4.6 | AI score 6.3 | EPSS 0.00078
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2025-3702

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 5.5 | EPSS 0.0015
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-41532

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 9.1 | EPSS 0.00247
Exploits: 0 | References: 3

Tenable Nessus
added 2025/09/03 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2013-2083

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The MoodleQuickForm class in lib/formslib.php in Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly handle...

CVSS 5 | AI score 5.5 | EPSS 0.00253
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-45397

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets ...

CVSS 7.5 | AI score 5.6 | EPSS 0.00504
Exploits: 0 | References: 3

CNVD
added 2025/06/06 12:0 a.m. | 1 view

FreeScout Cross-Site Scripting Vulnerability (CNVD-2025-20786)

FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a security bypass vulnerability that is caused by improper validation of user-supplied input in the session POST dataset. No detailed vulnerability...

CVSS 5.4 | AI score 7 | EPSS 0.00153
Exploits: 1 | References: 1

NVD
added 2025/06/04 10:15 p.m. | 10 views

CVE-2025-5690

PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the...

CVSS 6.5 | EPSS 0.00237
Exploits: 0 | References: 1

Zero Science Lab
added 2025/05/22 12:0 a.m. | 244 views

ABB Cylon Aspect 3.08.03 (MIX->IPConfigServlet) Network Manipulation

Summary: ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description: ABB Cylon Aspect MIX's IPConfigServlet allows unauthenticated network...

AI score 5.8
Exploits: 0

OSV
added 2024/09/17 7:15 p.m. | 13 views

CVE-2024-8900

An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox 129, Firefox ESR 128.3, and Thunderbird 128.3...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 4

NVD
added 2024/05/14 6:15 p.m. | 20 views

CVE-2024-4774

The ShmemCharMapHashEntry code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox 126...

CVSS 6.5 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 2

CVE
added 2023/12/09 12:0 a.m. | 50 views

CVE-2023-50428

Affected software: Bitcoin Core up to 26.0 and Bitcoin Knots up to 25.1.knots20231115. Issue: datacarrier size limits can be bypassed by obfuscating data as code (e.g., OP_FALSE OP_IF). In the wild, this has been exploited by Inscriptions in 2022–2023. Impact: data-carrier limit bypass; potential...

CVSS 5.3 | AI score 5.4 | EPSS 0.00032
Exploits: 0 | References: 6 | Affected Software: 2

Cvelist
added 2023/10/19 9:40 a.m. | 13 views

CVE-2023-46227 Apache InLong has an Arbitrary File Read Vulnerability

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick 1 to solve it. 1...

AI score 7.7 | EPSS 0.00043
Exploits: 0 | References: 1

Apple
added 2023/09/18 12:0 a.m. | 81 views

About the security content of tvOS 17

This document describes the security content of tvOS 17. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent...

CVSS 9.8 | AI score 8.7 | EPSS 0.01587
Exploits: 0 | References: 1 | Affected Software: 1