
40348 matches found

OSV
added 2026/02/27 7:46 p.m., 5 views

CVE-2026-27824 calibre has IP Ban Bypass via X-Forwarded-For Header Spoofing

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both remoteaddr and the X-Forwarded-For header. Since the X-Forwarded-For header i...

CVSS 5.3, AI score 5.9, EPSS 0.00148
Exploits: 1, References: 3
EUVD
added 2026/02/27 9:30 a.m., 3 views

EUVD-2025-208129

Insufficient protection mechanisms in the Health Module may lead to partial information disclosure...

CVSS 5.1, AI score 5.9, EPSS 0.00134
Exploits: 0, References: 2
NVD
added 2026/02/27 7:17 a.m., 3 views

CVE-2025-15567

Insufficient protection mechanisms in the Health Module may lead to partial information disclosure...

CVSS 5.1, EPSS 0.00134
Exploits: 0, References: 1
CVE
added 2026/02/27 6:54 a.m., 8 views

CVE-2025-15567

Technical details are not publicly available in the provided documents. Monitor for updates from vendors and security advisories to learn affected products, components, and remediation information.

CVSS 5.1, AI score 5.3, EPSS 0.00134
Exploits: 0, References: 1, Affected Software: 1
ATTACKERKB
added 2026/02/27 6:54 a.m., 5 views

CVE-2025-15567

Insufficient protection mechanisms in the Health Module may lead to partial information disclosure...

CVSS 5.1, AI score 5.9, EPSS 0.00134
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2026/02/27 6:54 a.m., 22 views

CVE-2025-15567

Insufficient protection mechanisms in the Health Module may lead to partial information disclosure...

CVSS 5.1, EPSS 0.00134
Exploits: 0, References: 1
Vulnrichment
added 2026/02/27 6:54 a.m., 2 views

CVE-2025-15567

Insufficient protection mechanisms in the Health Module may lead to partial information disclosure...

CVSS 5.1, AI score 5.9, EPSS 0.00134
Exploits: 0, References: 1
CNNVD
added 2026/02/27 12:00 a.m., 6 views

Vivo Health Security Vulnerability

Vivo Health is a sports guidance and health management software developed by the Chinese company Vivo. There is a security vulnerability in Vivo Health, which stems from insufficient protection mechanisms, potentially leading to the leakage of certain information...

CVSS 5.1, AI score 5.8, EPSS 0.00134
Exploits: 0, References: 2
CNNVD
added 2026/02/27 12:00 a.m., 3 views

Kiteworks Cross-Site Scripting Vulnerability

Kiteworks is a security private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.2.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from defects in the configuration interface of Email Protection Gateway,...

CVSS 8.1, AI score 5.6, EPSS 0.00331
Exploits: 0, References: 2
Positive Technologies
added 2026/02/27 12:00 a.m., 3 views

PT-2026-22309

Insufficient protection mechanisms in the Health Module may lead to partial information disclosure...

CVSS 5.1, AI score 5.9, EPSS 0.00134
Exploits: 0, References: 2
Positive Technologies
added 2026/02/27 12:00 a.m., 3 views

PT-2026-22396

Name of the Vulnerable Software and Affected Versions: Kiteworks versions prior to 9.2.0. Description: Kiteworks Email Protection Gateway contains a flaw that allows authenticated administrators to inject malicious scripts through a configuration interface. These scripts execute when users interact...

CVSS 8.1, AI score 6, EPSS 0.00331
Exploits: 0, References: 6
CNNVD
added 2026/02/27 12:00 a.m., 4 views

Calibre Access Control Error Vulnerability

Calibre is a free, open-source tool developed by Kovid Goyal, an individual developer from India. It serves as a comprehensive e-book reading management and format conversion tool. Versions of Calibre prior to 9.4.0 contained an access control error vulnerability. This vulnerability stemmed from a...

CVSS 5.3, AI score 5.8, EPSS 0.00148
Exploits: 1, References: 1
RedHat Linux
added 2026/02/26 3:08 p.m., 4 views

Important: Red Hat Security Advisory: Red Hat OpenShift API for Data Protection

A new version of OpenShift API for Data Protection (OADP) is now available. OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and...

CVSS 8.9, AI score 6.6, EPSS 0.00533
Exploits: 0, References: 5
ICS
added 2026/02/26 7:00 a.m., 2 views

Pelco, Inc. Sarix Pro 3 Series IP Cameras

RISK EVALUATION: Successful exploitation of this vulnerability could allow attackers to gain unauthorized access to sensitive device data, bypass surveillance controls, and expose facilities to privacy breaches, operational risks, and regulatory compliance issues. 2. RECOMMENDED PRACTICES: CISA...

CVSS 8.7, AI score 5.5, EPSS 0.00348
Exploits: 0, References: 11
RedhatCVE
added 2026/02/26 4:16 a.m., 4 views

CVE-2026-25124

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...

CVSS 6.5, AI score 5.5, EPSS 0.00264
Exploits: 1, References: 1
OSV
added 2026/02/25 11:07 p.m., 4 views

GO-2026-4546 FileBrowser Quantum: Password Protection Not Enforced on Shared File Links in github.com/gtsteffaniak/filebrowser/backend

FileBrowser Quantum: Password Protection Not Enforced on Shared File Links in github.com/gtsteffaniak/filebrowser/backend...

CVSS 7.1, AI score 5.5, EPSS 0.00307
Exploits: 1, References: 4
RedhatCVE
added 2026/02/25 10:19 p.m., 4 views

CVE-2026-23859

Dell Wyse Management Suite, versions prior to WMS 5.5, contain a Client-Side Enforcement of Server-Side Security vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass...

CVSS 2.7, AI score 5.5, EPSS 0.0025
Exploits: 0, References: 1
CVE
added 2026/02/25 8:27 p.m., 19 views

CVE-2026-25953

CVE-2026-25953 (FreeRDP): A use-after-free condition exists in FreeRDP prior to 3.23.0 where the RDPGFX DVC thread obtains a bare pointer to an xfAppWindow via xf_rail_get_window. The main thread can concurrently delete the window (via a fastpath window-delete order), causing xf_AppUpdateWindowF...

CVSS 9.8, AI score 5.4, EPSS 0.00587
Exploits: 1, References: 10, Affected Software: 1
OSV
added 2026/02/25 6:59 p.m., 4 views

GHSA-3534-XP88-25RC Parse Dashboard is Missing CSRF Protection for its Agent Endpoint

Impact: The AI Agent API endpoint POST /apps/:appId/agent lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submits requests to the agent endpoint using the victim's session. Patches: The fix adds CSRF middleware to the agent endpoi...

CVSS 8.3, AI score 5.5, EPSS 0.00143
Exploits: 0, References: 4
OSV
added 2026/02/25 4:00 p.m., 3 views

GHSA-8VRH-3PM2-V4V6 FileBrowser Quantum: Password Protection Not Enforced on Shared File Links

Summary: When users share password-protected files, the recipient can completely bypass the password and still download the file. Details: This happens because the API returns a direct download link in the details of the share, which is accessible to anyone with JUST THE SHARE LINK, even without th...

CVSS 7.1, AI score 5.6, EPSS 0.00307
Exploits: 1, References: 6