CVE-2025-33128

IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

Astra Linux – Vulnerability in Qemu

In QEMU, the softmmu/physmem.c file, versions up to 7.0.0, can perform an uninitialized read on the translatefail path, resulting in an ioreadx or iowritex crash. NOTE: A third-party report states that the “Non-virtualization Use Case” described in the qemu.org reference applies here. In other...

Astra Linux – Vulnerability in ffmpeg

FFmpeg n7.0 is affected by a double-free issue through the rkmppretrieveframe function in libavcodec/rkmppdec.c...

CVE-2026-53406

Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

CVE-2026-53406

Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

CVE-2026-53406

Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

CVE-2026-49938

Fortinet FortiPortal is affected by an improper access control vulnerability (CVE-2026-49938) impacting FortiPortal versions 7.4.0–7.4.7, 7.2.0–7.2.8, and all 7.0 versions. The issue is described as improper access control with an attack vector placeholder, indicating a possible exposure where an...

CVE-2026-39809

A improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted...

CVE-2026-8431

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior...

CVE-2026-48209 Reflected XSS in authenticated agent context

An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...

CVE-2026-48209 Reflected XSS in authenticated agent context

An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...

PT-2026-45265

An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...

Canonical Ubuntu Linux 安全漏洞

Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux versions 6.8, 6.17, and 7.0 have security vulnerabilities. These vulnerabilities stem from potential null pointer dereferencing when handling AFINET/AFINET6 socket mediation,...

CVE-2026-47327

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops...

UBUNTU-CVE-2026-47330

Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses...

oinone-pamirs 命令注入漏洞

Oinone-Pamirs is an open-source AI-driven low-code development framework developed by Oinone. Version 7.0.0 of Oinone-Pamirs contains a command injection vulnerability. This vulnerability stems from the CommandHelper.executeCommands method, which initiates shell processes and directly writes the...

EUVD-2026-30112

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

CVE-2026-30906

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

CVE-2026-30906

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access...

CVE-2026-8199 Post-auth memory exhaustion via bitwise match expressions

An authenticated user can cause excess memory usage via bitwise match expression AST processing of $bitsAllSet, $bitsAnySet, $bitsAllClear, and $bitsAnyClear. This contributes to memory pressure and may lead to availability loss by OOM. This issue impacts MongoDB Server v7.0 versions prior to...