Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1268)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Updates for Microsoft Excel Products (March 2026)

The Microsoft Excel Products are missing a security update. They are, therefore, affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary commands. CVE-2026-26107, CVE-2026-26108, CVE-2026-26109,...

Fedora: Security Advisory (FEDORA-2026-06657d1811)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2026-0053)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-30885 WWBN AVideo - Unauthenticated IDOR - Playlist Information Disclosure

WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playli...

EUVD-2025-208365

An administrator may attempt to block all networks by specifying "" or "all" as the network identifier. However, these values are not supported and do not trigger any validation error. Instead, they are silently interpreted as network 0 which results in no networks being blocked at all...

USN-8018-2: Python regression

USN-8018-1 fixed vulnerabilities in python3. That update introduced regressions. The patches for CVE-2025-15366 and CVE-2025-15367 caused behavior regressions in IMAP and POP3 handling, which upstream chose to avoid by not backporting them. Additionally, the patch for CVE-2026-0865 incorrectly...

CVE-2026-3693

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

MBS多款产品 安全漏洞

MBS UBR-01 Mk II, etc., are products of the German MBS company. The MBS UBR-01 Mk II is a remote base station device. The MBS UBR-02 is also a remote base station device. The MBS UBR-LON is a communication interface device for industrial automation systems. Several MBS products have security...

SourceCodester Resort Reservation System 代码注入漏洞

The SourceCodester Resort Reservation System is an open-source resort reservation system developed by SourceCodester. Version 1.0 of the SourceCodester Resort Reservation System contains a code injection vulnerability. This vulnerability arises from incorrect handling of parameter IDs in the...

PT-2026-24150

Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.19 Description OneUptime’s GitHub App callback does not properly validate the state and installation id values received from a user, allowing an attacker to overwrite another project's GitHub App installation...

EUVD-2026-10201

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

CVE-2026-25072

XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a predictable session identifier vulnerability in the /goform/SetLogin endpoint that allows remote attackers to hijack authenticated sessions. Attackers can predict session identifiers using insufficiently random cook...

CVE-2026-30244

Plane is an an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerability stems from Django REST Framework permission...

CVE-2026-3693

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

CVE-2026-3693 Shy2593666979 AgentChat User Endpoint user.py update_user_info resource injection

A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function getuserinfo/updateuserinfo of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument userid causes improper control of resource identifiers. It i...

PT-2026-23894

Name of the Vulnerable Software and Affected Versions Shy2593666979 AgentChat versions prior to 2.3.1 Description A flaw exists in Shy2593666979 AgentChat related to improper control of resource identifiers. The issue resides within the get user info/update user info function located in the...

CVE-2026-27027

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVE-2026-27777

Charging station authentication identifiers are publicly accessible via web-based mapping platforms...

CVE-2026-2754

Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...