115 matches found

EUVD
added 2026/05/19 4:21 p.m. | 7 views

EUVD-2026-30039

protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/13 12:5 a.m. | 2 views

CVE-2026-8199 Post-auth memory exhaustion via bitwise match expressions

An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and may lead to availability loss by OOM. This issue impacts MongoDB Server v7.0 versions prior to...

CVSS 7.1 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 1

AstraLinux
added 2026/05/03 11:59 p.m. | 5 views

Astra Linux - vulnerability in vim

Out-of-bounds write in the GitHub repository for Vim/Vim before version 8.2...

CVSS 7.8 | AI score 7.1 | EPSS 0.00484
Exploits: 1 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m. | 6 views

Astra Linux - vulnerability in vim

NULL pointer dereferencing in the GitHub repository for Vim/Vim before version 8.2...

CVSS 7.8 | AI score 6.7 | EPSS 0.00117
Exploits: 1 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m. | 0 views

Astra Linux - vulnerability in vim

Heap-based Buffer Overflow in the GitHub repository for vim/vim before version 8.2...

CVSS 7.8 | AI score 7.1 | EPSS 0.01457
Exploits: 1 | References: 2

AstraLinux
added 2026/05/03 11:59 p.m. | 1 views

Astra Linux - vulnerability in vim

Uncontrolled recursion in the GitHub repository vim/vim before version 8.2.4975...

CVSS 5.5 | AI score 6.7 | EPSS 0.00098
Exploits: 1 | References: 2

EUVD
added 2026/04/24 2:5 a.m. | 0 views

EUVD-2026-25377

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxysectionsave function in app/routes/config/routes.py. The serverip parameter, sourced from the URL path, is passed unsanitized through...

CVSS 9.3 | AI score 6.2 | EPSS 0.00041
Exploits: 1 | References: 2

Cvelist
added 2026/03/25 4:15 p.m. | 22 views

CVE-2026-32573 WordPress Nelio AB Testing plugin <= 8.2.7 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection. This issue affects Nelio AB Testing: from n/a through <= 8.2.7...

CVSS 9.1 | EPSS 0.00065
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/25 4:14 p.m. | 0 views

CVE-2026-25401 WordPress WPCargo Track & Trace plugin <= 8.0.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPCargo Track & Trace: from n/a through <= 8.0.2...

CVSS 7.5 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/13 11:42 a.m. | 2 views

CVE-2026-32393

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativesPlanet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion. This issue affects Greenly Theme Addons: from n/a through 8.2...

AI score 5.8 | EPSS 0.0017
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/13 12:0 a.m. | 1 views

PT-2026-25239

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion. This issue affects Greenly Theme Addons: from n/a through 8.2...

AI score 5.8 | EPSS 0.0017
Exploits: 0 | References: 4

RedHat Linux
added 2026/03/12 8:19 a.m. | 1 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 10 | AI score 6 | EPSS 0.00145
Exploits: 0 | References: 39

NVD
added 2026/03/11 8:16 a.m. | 3 views

CVE-2024-14024

An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker with local network access has also gained an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the...

CVSS 6.7 | EPSS 0.0001
Exploits: 0 | References: 1

Atlassian
added 2026/03/06 5:28 a.m. | 16 views

File Inclusion node-tar Dependency in Jira Software Data Center

This High severity File Inclusion vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.1 of Jira Software Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVS...

CVSS 8.2 | AI score 5.9 | EPSS 0.00011
Exploits: 2

OSV
added 2026/01/28 10:13 a.m. | 2 views

RHSA-2026:1409 Red Hat Security Advisory: php:8.2 security update

Bulletin has no description...

CVSS 7.5 | AI score 5.8 | EPSS 0.00772
Exploits: 6 | References: 33

IBM Security Bulletins
added 2026/01/23 1:32 p.m. | 10 views

Security Bulletin: Vulnerability in juliangruber brace-expansion affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary: Vulnerability in juliangruber brace-expansion affects IBM® Db2® Big SQL 8.2 on IBM Cloud Pak for Data 5.2 and earlier. Vulnerability Details: CVEID: CVE-2025-5889. DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as...

CVSS 3.1 | AI score 4.1 | EPSS 0.00092
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/01/23 12:37 p.m. | 6 views

Security Bulletin: IBM Db2 Big SQL on Cloud Pak for Data is vulnerable to a denial of service due to lack of throttling on an API

Summary: IBM Db2 Big SQL 7.8 and earlier on Cloud Pak for Data 5.1 and earlier is vulnerable to a denial of service due to lack of throttling on an API. Vulnerability Details: CVEID: CVE-2024-39724. DESCRIPTION: IBM Big SQL does not properly limit allocation of resources which could allow an...

CVSS 5.3 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/01/23 12:4 p.m. | 5 views

Security Bulletin: A vulnerability in FreeType affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary: A vulnerability in FreeType 2.13.0 and earlier affects IBM® Db2® Big SQL 7.8 on IBM Cloud Pak for Data 5.1 and earlier. Vulnerability Details: CVEID: CVE-2025-27363. DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below; newer versions of FreeType are not vulnerable...

CVSS 8.1 | AI score 6.2 | EPSS 0.70761
Exploits: 0 | Affected Software: 1

NVD
added 2026/01/20 10:15 p.m. | 4 views

CVE-2026-21956

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVSS 8.2 | EPSS 0.00054
Exploits: 0 | References: 1

Cvelist
added 2026/01/17 2:22 a.m. | 20 views

CVE-2025-12718 Quick Contact Form <= 8.2.6 - Unauthenticated Open Mail Relay

The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcfvalidateform' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...

CVSS 5.8 | EPSS 0.00221
Exploits: 0 | References: 2