Oracle Siebel Server <= 26.1 (April 2026 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by a vulnerability as referenced in the April 2026 CPU advisory. - Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM component: Open Integration Snappy. Supported versions that are affected are...
Oracle Siebel Server <= 26.2 (April 2026 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the Siebel CRM Integration product of Oracle Siebel CRM component: REST Jettison. Supported versions that are affected are...
CVE-2026-41454
WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new...
justhtml has sanitization bypass in custom policies and programmatic DOM
Summary: justhtml 1.17.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected advanced or custom configurations rather than the default safe path. Affected versions - justhtml , MathML , SVG / , and MathML text integration poin...
CVE-2026-41455
WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the URL scheme field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network...
CVE-2026-41454 WeKan < 8.35 Missing Authorization via Integration REST API
WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new...
CVE-2026-41454
CVE-2026-41454 affects WeKan
CVE-2026-25542
A flaw was found in Tekton Pipelines. An attacker can bypass trusted resource verification policies by crafting a malicious source string that contains a trusted pattern as a substring. This is due to the regexp.MatchString function in Go matching patterns anywhere within a string, rather than...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the POST /api/lunchflow/link endpoint, which insufficiently validates user-supplied URLs and fails to restrict access to internal or sensitive network addresses. An attacker can cause the server to...
K2view vs Broadcom For Test Data Management
Compare Broadcom TDM and K2view across architecture, integration, masking, and scalability to find the right test data management solution for your needs...
CVE-2026-4117
The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due to a missing capability check in the CalJSettingsPage class constructor, which processes the 'save-obtained-key' operation directly from POST data without verifying that the...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Security Bulletin: Due to use angular-1.8.2.min.js, IBM webMethods Integration Server is affected by multiple vulnerabilities.
Summary: Multiple vulnerabilities were addressed in IBM webMethods Integration Server by upgrading the version of the Angular framework. Vulnerability Details: CVEID: CVE-2025-0716. DESCRIPTION: Improper sanitization of the value of the 'href' and 'xlink:href' attributes in 'image' SVG elements in...
PT-2026-34568
WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new...
PT-2026-34611
Name of the Vulnerable Software and Affected Versions: monetr versions prior to 1.12.5. Description: A server-side request forgery (SSRF) issue in the Lunch Flow integration allows authenticated users on self-hosted instances to force the server to send HTTP GET requests to arbitrary URLs. The respons...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013526)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013526 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible leaked pernet namespace in smc_init(). In smc_init(),...
EUVD-2026-24384
Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite component: Knowledge Integration. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HCM...