Unity Linux 20.1060e / 20.1070e Security Update: postgresql (UTSA-2026-017576)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017576 advisory. A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns...

CVE-2026-44349

Daptin is a GraphQL/JSON-API headless CMS. Prior to version 0.11.5, processFuzzySearch in server/resource/resourcefindallpaginated.go:1484 splits the user-supplied column parameter by comma and interpolates each segment directly into goqu.Lfmt.Sprintf"LOWER%s LIKE ?", prefix+col raw SQL with no...

SUSE CVE-2026-33680

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.2, the LinkSharing.ReadAll method allows link share authenticated users to list all link shares for a project, including their secret hashes. While LinkSharing.CanRead correctly blocks link share users from readi...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the improper enforcement of access controls in the ReadAll and GetTaskAttachment processes. An attacker can gain unauthorized access to and delete file attachments across all...

CVE-2026-33680

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.2, the LinkSharing.ReadAll method allows link share authenticated users to list all link shares for a project, including their secret hashes. While LinkSharing.CanRead correctly blocks link share users from readi...

Vikjuna: Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation

Summary The LinkSharing.ReadAll method allows link share authenticated users to list all link shares for a project, including their secret hashes. While LinkSharing.CanRead correctly blocks link share users from reading individual shares via ReadOne, the ReadAllWeb handler bypasses this check by...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the ReadAll process. An attacker can obtain plaintext BasicAuth credentials intended for external webhook authentication by accessing the API with only read permissions to a project. Remediation Upgrade...

Vikjuna: Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation

The LinkSharing.ReadAll method allows link share authenticated users to list all link shares for a project, including their secret hashes. While LinkSharing.CanRead correctly blocks link share users from reading individual shares via ReadOne, the ReadAllWeb handler bypasses this check by never...

CVE-2026-33680 Vikunja Vulnerable to Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.2, the LinkSharing.ReadAll method allows link share authenticated users to list all link shares for a project, including their secret hashes. While LinkSharing.CanRead correctly blocks link share users from readi...

CVE-2026-33680

Vikunja before version 2.2.2 is affected: the LinkSharing.ReadAll() API lets link-share users list all shares for a project, exposing secret hashes. Although LinkSharing.CanRead() blocks reading individual shares via ReadOne, the ReadAllWeb handler bypasses this check by never calling CanRead(), ...

CVE-2026-33680 Vikunja Vulnerable to Link Share Hash Disclosure via ReadAll Endpoint Enables Permission Escalation

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.2, the LinkSharing.ReadAll method allows link share authenticated users to list all link shares for a project, including their secret hashes. While LinkSharing.CanRead correctly blocks link share users from readi...

PT-2026-27453

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.2.2 Description Vikunja is a self-hosted task management platform. A flaw exists in the LinkSharing.ReadAll method where authenticated users with link share access can list all link shares for a project, including...

GO-2026-4593 Traefik has unbounded io.ReadAll on auth server response body that causes OOM DOS in github.com/traefik/traefik

Traefik has unbounded io.ReadAll on auth server response body that causes OOM DOS in github.com/traefik/traefik...

CVE-2026-28685

CVE-2026-28685 : Kimai’s API endpoint GET /api/invoices/{id} lacked customer-level access control. Before v2.51.0, the API checked only the role-based view_invoice permission, allowing any user with the ROLE_TEAMLEAD to read invoices for any customer, breaking data isolation. The Red Hat/NVD/NVD-...

CVE-2026-1514

Technical details are not publicly available in the provided documents (no affected version, patch info, or exploit details). Monitor for updates.

PT-2026-5056

Official Document Management System developed by 2100 Technology has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to modify front-end code to read all official documents...

CVE-2022-0555

Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions...

CVE-2025-14694 ketr JEPaaS readAllPostil sql injection

A vulnerability was found in ketr JEPaaS up to 7.2.8. This impacts the function readAllPostil of the file /je/postil/postil/readAllPostil. Performing a manipulation of the argument keyWord results in sql injection. The attack can be initiated remotely. The exploit has been made public and could b...

CVE-2025-10039 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.9 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client'

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the 'ehcrmticketsingleviewclient' due to missing validation on a user controlled key. This makes it possible for...

EUVD-2022-35187

Malicious code in bioql PyPI...