
12961 matches found

Positive Technologies
added 2026/01/27 12:0 a.m. | 5 views

PT-2026-5033

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 7.0.4 Description OpenEMR is an electronic health records and medical practice management application. Versions before 7.0.4 allow users without appropriate privileges to view and modify sensitive information within...

CVSS: 7.1 | AI score: 5.3 | EPSS: 0.00038
Exploits: 1 | References: 8

RedHat Linux
added 2026/01/25 10:43 p.m. | 4 views

Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management for Kubernetes v2.15.1 security update

Red Hat Advanced Cluster Management for Kubernetes 2.15 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. Red Hat Advanced Cluster Management for Kubernetes 2.15 images Red Hat Advanced Cluster Management for Kubernetes provides...

CVSS: 4.3 | AI score: 7.1 | EPSS: 0.00018
Exploits: 0 | References: 2

OSV
added 2026/01/23 9:9 a.m. | 7 views

RLSA-2025:20155 Moderate: binutils security update

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fixes: binutils: GNU Binutils ld...

CVSS: 4 | AI score: 5.5 | EPSS: 0.00077
Exploits: 1 | References: 2

Rockylinux
added 2026/01/23 9:6 a.m. | 8 views

open-vm-tools bug fix and enhancement update

An update is available for open-vm-tools. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linu...

CVSS: 6.1 | AI score: 5.5 | EPSS: 0.00326
Exploits: 0

EUVD
added 2026/01/23 3:28 a.m. | 3 views

EUVD-2026-4466

Langflow execglobals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.14653
Exploits: 8 | References: 3

RedHat Linux
added 2026/01/22 9:1 p.m. | 4 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.22 bug fix and security update

Red Hat OpenShift Container Platform release 4.19.22 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a...

CVSS: 8.6 | AI score: 6.7 | EPSS: 0.00102
Exploits: 2 | References: 6

RedHat Linux
added 2026/01/22 7:9 p.m. | 3 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.47 bug fix and security update

Red Hat OpenShift Container Platform release 4.17.47 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

CVSS: 8.6 | AI score: 6.7 | EPSS: 0.01231
Exploits: 2 | References: 9

OpenVAS
added 2026/01/22 12:0 a.m. | 3 views

Fedora: Security Advisory (FEDORA-2026-297c251448)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7 | AI score: 5.5 | EPSS: 0.00129
Exploits: 0 | References: 6

NVD
added 2026/01/21 6:16 p.m. | 3 views

CVE-2021-47855

Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the...

CVSS: 7.2 | EPSS: 0.00052
Exploits: 0 | References: 3

CVE
added 2026/01/21 5:27 p.m. | 5 views

CVE-2021-47855

Openlitespeed 1.7.9 is affected by CVE-2021-47855, a stored cross-site scripting vulnerability in the dashboard Notes parameter. The issue allows an attacker to craft a payload in the Notes field during listener configuration that will execute when an administrator clicks the Default Icon, enabli...

CVSS: 7.2 | AI score: 5.2 | EPSS: 0.00052
Exploits: 0 | References: 3

ATTACKERKB
added 2026/01/21 5:27 p.m. | 2 views

CVE-2021-47855

Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the...

CVSS: 7.2 | AI score: 5.1 | EPSS: 0.00052
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/01/21 5:27 p.m. | 3 views

CVE-2021-47855 Openlitespeed 1.7.9 - 'Notes' Stored Cross-Site Scripting

Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the...

CVSS: 7.2 | AI score: 5.2 | EPSS: 0.00052
Exploits: 0 | References: 3

Cvelist
added 2026/01/21 5:27 p.m. | 15 views

CVE-2021-47855 Openlitespeed 1.7.9 - 'Notes' Stored Cross-Site Scripting

Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the...

CVSS: 7.2 | EPSS: 0.00052
Exploits: 0 | References: 3

EUVD
added 2026/01/21 5:27 p.m. | 3 views

EUVD-2026-3632

Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the...

CVSS: 7.2 | AI score: 5.2 | EPSS: 0.00052
Exploits: 0 | References: 5

OSV
added 2026/01/21 4:51 p.m. | 4 views

CLSA-2026-1769014292 httpd: Fix of 2 CVEs

CVE-2025-66200: don't use request notes for suexec, stop accepting the obscure "note" option in RequestHeader - CVE-2025-65082: fix precedence of envvars from HTTP headers and Apache configuration...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00145
Exploits: 0 | References: 1

CNNVD
added 2026/01/21 12:0 a.m. | 1 views

Litespeed Technologie OpenLiteSpeed Cross-Site Script Vulnerability

Litespeed Technologie OpenLiteSpeed is an open-source web server developed by Litespeed Technologie. Version 1.7.9 of Litespeed Technologie OpenLiteSpeed contains a cross-site scripting vulnerability. This vulnerability stems from a stored-cross-site scripting vulnerability in the dashboard’s Not...

CVSS: 7.2 | AI score: 5.8 | EPSS: 0.00052
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/21 12:0 a.m. | 4 views

PT-2026-3808

Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the...

CVSS: 7.2 | AI score: 5.2 | EPSS: 0.00052
Exploits: 0 | References: 4

EUVD
added 2026/01/20 3:10 p.m. | 1 views

EUVD-2026-3377

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system...

CVSS: 6.3 | AI score: 5.5 | EPSS: 0.00043
Exploits: 0 | References: 2

OpenVAS
added 2026/01/20 12:0 a.m. | 2 views

Mageia: Security Advisory (MGASA-2026-0013)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.8 | AI score: 5.4 | EPSS: 0.00034
Exploits: 0 | References: 6

RedhatCVE
added 2026/01/17 2:6 p.m. | 3 views

CVE-2026-0695

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...

CVSS: 8.7 | AI score: 7.1 | EPSS: 0.00018
Exploits: 0 | References: 1