
1176 matches found

EUVD
added 2026/03/26 3:30 p.m. | 0 views

EUVD-2026-16166

A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP’s PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possib...

CVSS 6.1 | AI score 5.9 | EPSS 0.0005
Exploits: 1 | References: 4

RedhatCVE
added 2026/03/23 10:53 a.m. | 2 views

CVE-2026-22737

A flaw was found in Spring Framework. When Java scripting engine enabled template views such as those using JRuby or Jython are used in Spring MVC and Spring WebFlux applications, a remote attacker can exploit this to disclose sensitive content from files located outside the intended script...

CVSS 6.5 | AI score 5.7 | EPSS 0.00096
Exploits: 0 | References: 4

NVD
added 2026/03/19 3:16 p.m. | 0 views

CVE-2026-4424

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR...

CVSS 7.5 | EPSS 0.001
Exploits: 0 | References: 35

RedhatCVE
added 2026/03/19 1:50 p.m. | 1 views

CVE-2026-4424

A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR...

CVSS 7.5 | AI score 5.7 | EPSS 0.001
Exploits: 0 | References: 4

CVE
added 2026/03/18 5:40 p.m. | 7 views

CVE-2026-26948

Dell iDRAC9/14G versions before 7.00.00.174 and iDRAC15G/16G before 7.10.90.00 expose sensitive system information due to uncleared debug information, enabling potentially high-privilege, remote information disclosure. Affected products are Dell Integrated Dell Remote Access Controller 9, 14G, 15...

CVSS 4.9 | AI score 5.9 | EPSS 0.00058
Exploits: 0 | References: 1

NVD
added 2026/03/16 2:17 p.m. | 0 views

CVE-2017-20217

Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrie...

CVSS 8.7 | EPSS 0.00136
Exploits: 1 | References: 8

Rosalinux
added 2026/03/15 6:14 p.m. | 5 views

Advisory ROSA-SA-2026-3212

software: libcupsfilters 2.0.0 OS: ROSA-CHROME unaffected versions = libcupsfilters-2.0.0.0-7 affected versions libcupsfilters-2.0.0-7 CVE-ID: CVE-2024-47076 BDU-ID: 2024-07644 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the cfGetPrinterAttributes5 function of the libcupsfilters library of the...

CVSS 8.6 | AI score 7 | EPSS 0.75847
Exploits: 6

Vulnrichment
added 2026/03/13 8:42 p.m. | 0 views

CVE-2026-2493 IceWarp collaboration Directory Traversal Information Disclosure Vulnerability

IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling...

CVSS 7.5 | AI score 5.8 | EPSS 0.50565
Exploits: 0 | References: 1

Tenable Nessus
added 2026/03/07 12:0 a.m. | 4 views

SUSE SLES15 Security Update : libsoup2 (SUSE-SU-2026:0834-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0834-1 advisory. - CVE-2025-32049: denial of service attack to websocket server bsc1240751. - CVE-2026-1467: lack of input sanitization can lead to...

CVSS 9.1 | AI score 7 | EPSS 0.00605
Exploits: 2 | References: 22

RedhatCVE
added 2026/03/04 1:57 a.m. | 3 views

CVE-2024-43766

In multiple functions of btmblesec.cc, there is a possible unencrypted communication due to Invalid error handling. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.5 | AI score 6.1 | EPSS 0.00029
Exploits: 0 | References: 1

NVD
added 2026/03/02 7:16 p.m. | 6 views

CVE-2024-43766

In multiple functions of btmblesec.cc, there is a possible unencrypted communication due to Invalid error handling. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.5 | EPSS 0.00029
Exploits: 0 | References: 1

CVE
added 2026/03/02 6:41 p.m. | 11 views

CVE-2024-43766

CVE-2024-43766 describes an information-disclosure vulnerability in the Android Bluetooth stack caused by invalid error handling in multiple functions of a file named btm_ble_sec.cc. The issue could enable remote information disclosure to a proximal/adjacent attacker with no additional execution...

CVSS 6.5 | AI score 6.1 | EPSS 0.00029
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/02/24 7:29 a.m. | 5 views

CVE-2026-2975

A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function resetapidocs of the file /backend/app/plugin/initapp.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed...

CVSS 6.9 | AI score 5.2 | EPSS 0.0005
Exploits: 1 | References: 1

Snyk
added 2026/02/24 3:27 a.m. | 2 views

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the NudmUECM DELETE process. An attacker can obtain detailed internal error messages and implementation details by submitting invalid pduSessionId inputs remotely. Remediation...

CVSS 8.7 | AI score 6 | EPSS 0.00141
Exploits: 1 | References: 2

ATTACKERKB
added 2026/02/23 6:2 a.m. | 1 views

CVE-2026-2975

A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function resetapidocs of the file /backend/app/plugin/initapp.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed...

CVSS 6.9 | AI score 5.3 | EPSS 0.0005
Exploits: 1 | References: 4

OSV
added 2026/02/21 11:15 p.m. | 1 views

CVE-2026-2894

A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. The exploit is publicly available and might...

CVSS 9.1 | AI score 5.4
Exploits: 0 | References: 5

NVD
added 2026/02/21 11:15 p.m. | 5 views

CVE-2026-2894

A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. The exploit is publicly available and might...

CVSS 9.1 | EPSS 0.00051
Exploits: 1 | References: 5

Cvelist
added 2026/02/11 12:17 p.m. | 18 views

CVE-2025-57713 File Station 5

A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5166 and later...

CVSS 5.3 | EPSS 0.00084
Exploits: 0 | References: 1

NVD
added 2026/02/10 4:16 p.m. | 5 views

CVE-2026-1603

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data...

CVSS 8.6 | EPSS 0.55875
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/09 1:33 a.m. | 0 views

CVE-2026-2207

A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a manipulation can lead to information disclosure. It is possible to launch the attack remotely...

CVSS 6.9 | AI score 5.3 | EPSS 0.00054
Exploits: 0 | References: 1