35 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-7765
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messag...
CVE-2026-8237
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...
MAL-2026-4618 Malicious code in n8n-nodes-whatsapp-business-api-by-automations-builder (npm)
Source: amazon-inspector a012be4fda5d6832fa3f4b404fd0026c0b351642260408e7f4fbb955e48b38a8 Package presents itself as an n8n node for the WhatsApp Business API Meta Graph. Instead of calling graph.facebook.com, every request — credential...
Concrete CMS Security Vulnerability
Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have security vulnerabilities, which stem from IDOR. These vulnerabilities may allow unauthorized parties to access confirmation messages and obtain ratings...
CVE-2026-3321
A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...
Discourse Security Vulnerability
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain security vulnerabilities. These...
CVE-2026-25220
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter showall=yes and passes it to getPnotesByUser, which returns all internal messages (all users’ notes). The backend does not...
CVE-2026-25808
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is...
Hollo Security Vulnerability
Hollo is a micro-blogging software developed by Fedify. Versions of Hollo prior to 0.6.20 and 0.7.2 contained security vulnerabilities. These vulnerabilities were due to the exposure of private messages and posts visible only to followers through the ActivityPub inbox endpoint, which could lead t...
CVE-2025-1395 Sensitive Data Exposure in CoDeriApp's HeyGarson
Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping. This issue affects HeyGarson: through 30012026. NOTE: The vendor was contacted several times to verifying fixing proce...
Aptsys Gemscms POS Platform security vulnerabilities
Aptsys Gemscms POS Platform is a catering management system developed by the Indian company Aptsys. There is a security vulnerability in the Aptsys Gemscms POS Platform. This vulnerability arises from the PHP backend, which triggers detailed error messages when processing specially crafted HTTP...
CVE-2026-22646
Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...
EUVD-2025-199576
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 14. This makes it possible for unauthenticated attackers t...
PT-2025-47697
The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the wps rma fetch order msgs due to missing validation on a user controlled key. This makes it possible for authenticated attackers...
EUVD-2025-35202
The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the messages that should be delivered to other users by subscribing to an MQTT topic. In these messages, the attacker can obtain the credentials and key...
PT-2025-32547 · Wukongopensource · Wukongcrm
Name of the Vulnerable Software and Affected Versions: WuKongOpenSource WukongCRM version 11.0. Description: A vulnerability exists in WuKongOpenSource WukongCRM 11.0, specifically within an unknown part of the /adminFile/upload file of the API Response Handler component. This allows for informati...
IBM Cognos Controller and IBM Controller Security Vulnerability
IBM Cognos Controller and IBM Controller are both products of International Business Machines (IBM). IBM Cognos Controller is a business intelligence and planning solution. The product features process automation, financial audit control, and the creation and management of financial reports. IBM...
PT-2024-7108 · Jenkins +1 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.478 and earlier; Jenkins LTS versions 2.462.2 and earlier. Description: The issue is related to the lack of protection for sensitive data in Jenkins. Specifically, Jenkins does not redact multi-line secret values in error...
SUSE CVE-2015-1870
The event scripts in Automatic Bug Reporting Tool (ABRT) use world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors...