CVE-2026-48687

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniperplugin/fastnetmonjuniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

PT-2026-43274

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.3.0 Description An OS command injection issue exists in the Juniper router integration plugin. The log function in src/juniper plugin/fastnetmon juniper.php constructs shell commands by...

PT-2026-43355

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description An OS command injection issue exists in the MikroTik router integration plugin. The log function in src/mikrotik plugin/fastnetmon mikrotik.php constructs shell commands by...

PT-2026-43277

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description IBM Db2 for Linux, UNIX, and Windows, including DB2 Connect Server, stores potentially sensitive information in log files. This data could be accessed an...

CVE-2026-48695

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The log function in src/mikrotikplugin/fastnetmonmikrotik.php lines 107-108 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

EUVD-2026-31949

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The log function in src/mikrotikplugin/fastnetmonmikrotik.php lines 107-108 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

CVE-2026-48695

CVE-2026-48695: FastNetMon Community Edition

CVE-2026-48687

CVE-2026-48687 affects FastNetMon Community Edition up to 1.2.9, specifically the Juniper router integration plugin. The OS command injection stems from the PHP file src/juniper_plugin/fastnetmon_juniper.php (log function) which builds shell commands by concatenating unsanitized user data from ar...

CVE-2026-48695

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The log function in src/mikrotikplugin/fastnetmonmikrotik.php lines 107-108 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

CVE-2026-48687

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniperplugin/fastnetmonjuniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

Atlassian Confluence 8.9.0 < 9.2.20 / 9.3.1 < 10.2.11 (CONFSERVER-103708)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-103708 advisory. - This Improper Encoding or Escaping of Output vulnerability allows an unauthenticated attacker to potentially disclose sensitive information via t...

CVE-2026-45435

CVE-2026-45435 : A DOM-based XSS vulnerability affects the WordPress WP Activity Log plugin, specifically versions up to 5.6.3. The issue is described as an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) in Melapress WP Activity Log, enabling DOM-based XSS. The...

EUVD-2026-31764

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through 5.6.3...

CVE-2026-45435

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through 5.6.3...

CVE-2026-45435 WordPress WP Activity Log plugin <= 5.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through 5.6.3...

CVE-2026-45435 WordPress WP Activity Log plugin <= 5.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through 5.6.3...

CVE-2026-40127

OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can read the Change Log containing actions performed by other users as well as application name of any application. This issue was fixed in...

CVE-2026-40127 Authorization Bypass Through User-Controlled Key in OutSystems Lifetime

OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can read the Change Log containing actions performed by other users as well as application name of any application. This issue was fixed in...

EUVD-2026-31662

OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can read the Change Log containing actions performed by other users as well as application name of any application. This issue was fixed in...

SUSE-SU-2026:21831-1 Security update for libarchive

This update for libarchive fixes the following issues - CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half-window output limiter leads to infinite loop and DoS bsc1259635. - CVE-2026-4424: 257-byte heap memory leak when processing a 170-byte RAR3 bsc1259928. - CVE-2026-4426:...