XWiki >= 6.0-rc-1 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as:...

CVE-2026-40172

authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, the PATCH /api/v3/core/users/pk/ API allows a caller with changeuser on a target user to assign arbitrary groups through UserSerializer, including groups with issuperuser=True, without...

CVE-2026-32439

Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BigHearts: from n/a through = 3.1.14...

RLSA-2026:3407 Important: mingw-fontconfig security update

MinGW Windows Fontconfig library. Security Fixes: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375 For more details about the security issues, including the impact, a CVSS score, acknowledgments...

CVE-2025-68005

Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Hotel Booking: from n/a through = 1.9.3...

PT-2026-20691

Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through = 3.4.4...

CVE-2019-2680

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

CVE-2025-61736

Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires...

EUVD-2025-202420

Authorization Bypass Through User-Controlled Key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Exploitation of Trusted Identifiers.This issue affects DijiDemi: through 28.11.2025...

PT-2025-49991

Missing Authorization vulnerability in berthaai BERTHA AI bertha-ai-free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BERTHA AI: from n/a through = 1.13...

TencentOS Server 3: mingw-expat (TSSA-2022:0251)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0251 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

EUVD-2017-13079

Malware in sbrugna...

EUVD-2020-4332

Malware in sbrugna...

EUVD-2019-15086

Malware in sbrugna...

EUVD-2018-12518

Malware in sbrugna...

EUVD-2021-23615

Malware in sbrugna...

EUVD-2021-26333

Malware in sbrugna...

EUVD-2016-7337

Malware in sbrugna...

EUVD-2017-10570

Malware in sbrugna...

EUVD-2020-2298

Malware in sbrugna...