PT-2026-34075

Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft component: Employee Snapshot. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

Oracle Business Process Management Suite 安全漏洞

Oracle Business Process Management Suite is a business process management platform provided by Oracle, a company in the United States. Versions 12.2.1.4.0 and 14.1.2.0.0.0 of the Oracle Business Process Management Suite contain security vulnerabilities. These vulnerabilities stem from issues with...

EUVD-2026-23798

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-5964 Digiwin｜EasyFlow .NET - SQL Injection

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-5963 Digiwin｜EasyFlow .NET - SQL Injection

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...

Red Hat System Security Services Daemon 安全漏洞

The Red Hat System Security Services Daemon is a daemon process component in Linux developed by Red Hat Inc. There is a security vulnerability associated with the Red Hat System Security Services Daemon. This vulnerability stems from the improper handling of raw pipe bytes by the...

CVE-2026-27681

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of th...

CVE-2026-38532

A Broken Object-Level Authorization BOLA in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any contact owned by other users via supplying a crafted GET request...

CVE-2026-33141

Chamilo LMS contains an IDOR in the REST API stats endpoint (CVE-2026-33141). Prior to version 2.0.0-RC.3, any authenticated user (including ROLE_USER) could read another user’s learning progress, certificates, and gradebook scores for any course without enrollment or supervisory relationship. Th...

SUSE CVE-2026-5302

CORS misconfiguration in CoolerControl/coolercontrold 4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites...

libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...

libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...

EUVD-2026-20461

CORS misconfiguration in CoolerControl/coolercontrold 4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites...

CVE-2026-5302

CORS misconfiguration in CoolerControl/coolercontrold 4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites...

CVE-2026-5302 Permissive Cross-domain Policy with Untrusted Domains in coolercontrold

CORS misconfiguration in CoolerControl/coolercontrold 4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites...

PT-2026-31302

Name of the Vulnerable Software and Affected Versions CoolerControl/coolercontrold versions prior to 4.0.0 Description A Cross-Origin Resource Sharing CORS misconfiguration exists in CoolerControl/coolercontrold versions prior to 4.0.0. This allows unauthenticated remote attackers to read data an...

CoolerControl 安全漏洞

CoolerControl is an open-source control software for cooling devices developed by CoolerControl. Versions of CoolerControl prior to 4.0.0 contained security vulnerabilities. These vulnerabilities were caused by incorrect CORS configurations, which could allow unverified remote attackers to read...

libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive

A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archivereaddata processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This...

RHEL 9 : libarchive (RHSA-2026:6647)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:6647 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM...