PT-2026-38702

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

PT-2026-38851

Vulnerability in Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

BerriAI LiteLLM SQL Injection Vulnerability

BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized access to the proxy and the credentials it manages...

PT-2026-38810

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated...

solidtime 安全漏洞

Solidtime is an open-source time tracking application developed by Solidtime developers. Version 0.12.0 of Solidtime contains a security vulnerability. This vulnerability stems from the fact that the PUT /api/v1/organizations/organization/time-entries/timeEntry API accepts routing bindings for...

PT-2026-38698

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

PT-2026-38815

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM...

PT-2026-38800

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...

PT-2026-38819

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....

PT-2026-38724

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability c...

ROS-20260508-73-0007

Vulnerability in roundcubemail related to the use of an insecure alternate channel. Exploitation of the vulnerability could allow an attacker acting remotely to modify user projects and/or device configuration via cip commands...

PT-2026-38768

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated...

Important: Red Hat Security Advisory: nginx security update

An update for nginx is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

EUVD-2025-209728

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data...

CVE-2026-41903

CVE-2026-41903 affects FreeScout (Laravel-based). Before 1.8.217, a user with PERM_EDIT_USERS can read/modify any user’s notification subscriptions via a single POST, including admins, enabling silent disabling of email/browser/mobile alerts and related notices. This is a continuation of CVE-2025...

CVE-2025-4397

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data...

CVE-2025-4397 Medtronic MyCareLink Patient Monitor Data Encryption Weakness

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data...

CVE-2025-4397 Medtronic MyCareLink Patient Monitor Data Encryption Weakness

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data...

WordPress Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin <= 1.6.10.6 - Unauthenticated Arbitrary Appointment View, Modification and Deletion vulnerability

Unauthenticated Arbitrary Appointment View, Modification and Deletion vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Simply Schedule Appointments versions = 1.6.10.6...

CVE-2026-4807 Appointment Booking Calendar <= 1.6.10.6 - Unauthenticated Arbitrary Appointment View, Modification and Deletion

The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.6.10.6. This is due to a flawed authorization logic in the noncepermissionscheck method combined with the public exposure of a site-wide reusable nonce. The plugin expose...