CVE-2026-11453

Technical details are not publicly available in the provided documents; no affected versions, vectors, or fixes are specified. Monitor for updates.

[SECURITY] Fedora 44 Update: perl-CryptX-0.089-1.fc44

This Perl library provides a cryptography based on LibTomCrypt library...

CVE-2026-46401

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after user logout. This allows attackers who obtain valid tokens to maintain persistent access to...

CVE-2026-11423

A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regular authenticated user can submit a collaboration message containing a crafted filename, which is...

CVE-2026-46400

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions using a regex pattern without checking the actual file content or MIME type. This allows attacker...

PT-2026-47176

A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...

CVE-2026-11336

A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file dashboardpage/adminpage.php of the component Admin Interface. The manipulation of the argument...

CVE-2026-11337

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboardpage/forms/fetch.php. The manipulation of the argument...

CVE-2026-11338

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely...

CVE-2026-11344

A vulnerability was found in code-projects Vehicle Management System 1.0. This impacts an unknown function of the file newdriver.php of the component New Driver Registration Form. Performing a manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely...

CVE-2026-11333

A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknown function of the file dashboardpage/forms/uploadstudentdata.php of the component Student Data...

CVE-2026-11342

A vulnerability has been found in code-projects Hotel and Tourism Reservation System 1.0. This affects an unknown function of the file /details.php. Such manipulation of the argument room leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and...

CVE-2026-46511

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the /system/api/connectionSettings endpoint allows an authenticated attacker to perform a complete cross-tenant account takeover...

CVE-2026-46395

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

CVE-2026-42790

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeycert and publickey modules allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

Crypto-Funded Chinese Peptide Labs Are Booming

Plus: Hackers use Meta’s AI bots to hack Instagram accounts, Anthropic helps NSA hackers, a decades-long GPS satellite mystery may have been solved, and more...

RLSA-2026:23360 Important: bind9.16 security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

ROOT-OS-DEBIAN-13-CVE-2025-37880 CVE-2025-37880 in rootio-linux - Patched by Root

Root has patched CVE-2025-37880 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

ROOT-OS-DEBIAN-13-CVE-2026-46032 CVE-2026-46032 in rootio-linux - Patched by Root

Root has patched CVE-2026-46032 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

ROOT-OS-DEBIAN-13-CVE-2025-40261 CVE-2025-40261 in rootio-linux - Patched by Root

Root has patched CVE-2025-40261 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...