CVE-2026-44168

Summary: CVE-2026-44168 affects MariaDB server during SST (wsrep) when the donor side interpolates joined parameters on the command line. Several affected branches exist: 10.6.1–10.6.25, 10.11.1–10.11.16, 11.4.1–11.4.10, 11.8.1–11.8.6, and 12.3.1. The root cause is incomplete validation of parame...

[SECURITY] [DLA 4629-1] apache2 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4629-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès June 12, 2026 https://wiki.debian.org/LTS -...

CVE-2026-53787

Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without...

CVE-2026-2049

A flaw was found in GIMP. This heap-based buffer overflow vulnerability, located in the HDR file parsing component, allows a remote attacker to execute arbitrary code. User interaction is required for exploitation, as the target must open a malicious HDR file. The flaw occurs due to a lack of...

CVE-2026-47137 vm2: GHSA-8hg8-63c5-gwmx patch bypass: nesting:true without explicit require still allows full RCE

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx CVE-2023-37903 introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality options.require === false, which is...

CVE-2026-47137 vm2: GHSA-8hg8-63c5-gwmx patch bypass: nesting:true without explicit require still allows full RCE

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx CVE-2023-37903 introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality options.require === false, which is...

CVE-2026-47137

Summary (CVE-2026-47137): The vm2 sandbox (NodeVM) had a bypass in versions prior to 3.11.4 where nesting: true with an unspecified require allowed full host RCE. The issue arose because a security check (options.nesting === true && options.require === false) only catches explicit require: false;...

CVE-2026-53787 Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload

Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without...

EUVD-2026-36430

Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without...

CVE-2026-53787 Amasty Order Attributes for Magento 2 < 4.0.0 Unauthenticated Arbitrary File Upload

Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media directory by submitting files of any type or name to the upload endpoint without...

CVE-2026-53787

Amasty Order Attributes for Magento 2 (versions

Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)

Overview On June 10, 2026, Oracle published a security alert for CVE-2026-35273, a critical vulnerability in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools. Oracle released an out-of-band patch the same day as the advisory, underscoring the urgency of remediatio...

OESA-2026-2671 gimp security update

The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...

OESA-2026-2631 python-pip security update

%changelog Sat Jul 13 2024 yangyuan [email protected] - 23.3.1-2 - Fix CVE-2023-45803 and CVE-2024-37891 Security Fixes: A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel...

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph is an open-source framework created by LangChain to build complex, stateful, and multi-agent...

Exploit for CVE-2026-48907

🚨 CVE-2026-48907 - JCE Joomla Content Editor Unauthenticated...

Exploit for CVE-2026-35273

🚨 CVE-2026-35273 - Oracle PeopleSoft PeopleTools Unauthenticat...

Exploit for CVE-2026-49777

CVE-2026-49777 CVE-2026-49777 - ShapedPlugin Product Slider Pr...

Security Bulletin: The IBM Common Licensing product using WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a cross-site scripting vulnerability with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature enabled, due to improper validation of user-supplied input. An attacker could...

JoomlaSniper

JoomlaSniper CVE-2026-48907 — Joomla JCE Editor Unauthen...