21687 matches found
CVE-2026-44207 Frappe: Insecure Direct Object Reference for email accounts
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to access other users' email configuration details. This issue has been patched in versions 15.107.0 and 16.17.0...
CVE-2026-44208
CVE-2026-44208 affects the Frappe framework (full-stack web app). A lack of input/permission validations in the submit_discussion() endpoint allows unauthorized access to resources (IDOR) in affected builds. The issue is fixed in versions 15.107.0 and 16.17.0; prior releases were vulnerable. No e...
CGA-P8W9-M28M-QR3H
Bulletin has no description...
MINI-CQG7-G865-G789
Bulletin has no description...
MINI-FGF4-CVWR-G3X6
Bulletin has no description...
PT-2026-48844
Name of the Vulnerable Software and Affected Versions: Apache CXF versions prior to 4.2.2; Apache CXF versions prior to 4.1.7. Description: The EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the required JAXP hardening configurations. This allows for...
PT-2026-48890
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to access other users' email configuration details. This issue has been patched in versions 15.107.0 and 16.17.0...
MINI-HX3F-6G5R-RVQ9
Bulletin has no description...
MINI-FQMX-XP7P-X6Q8
Bulletin has no description...
MINI-QCQP-F2X4-75V6
Bulletin has no description...
MINI-23MF-V8V3-QMH5
Bulletin has no description...
MINI-HPFF-82WF-C64V
Bulletin has no description...
MINI-WR78-V5PP-PQ56
Bulletin has no description...
CGA-PFR2-624J-PJCP
Bulletin has no description...
CGA-X969-39Q4-2J4C
Bulletin has no description...
Malicious Package
Overview: solana-web3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious Package
Overview: @solana-labs/web3.js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview: solana-mev-bot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MINI-9F48-HX76-X6RF
Bulletin has no description...
CVE-2026-7787 Unauthenticated Session History Access via Public Flow Execution
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...