CVE-2026-41250

Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...

CVE-2026-35472

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=EstoqueControle...

SUSE CVE-2026-33536

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an out of bounds...

UBUNTU-CVE-2026-33535

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, an out-of-bounds write of a zero byte exists in the X11 display interaction path that could lead to a crash. Versions 7.1.2-18 and 6.9.13-43 patch the issue...

CVE-2026-32523

Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files.This issue affects WPJAM Basic: from n/a through = 6.9.2...

pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. Patches This has been fixed in pypdf==6.9.2. Workarounds If users cannot upgrade yet, consider applying the changes from PR 3693...

CVE-2026-33180 HAPI FHIR HTTP authentication leak in redirects

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP...

CVE-2026-33180 HAPI FHIR HTTP authentication leak in redirects

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.0, when setting headers in HTTP requests, the internal HTTP client sends headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP...

WordPress 6.9-6.9.3 - Broken Access Control in Notes vulnerability

Broken Access Control in Notes vulnerability discovered by kaminuma in WordPress core versions 6.9-6.9.3...

EUVD-2026-10388

ImageMagick has a heap buffer over-read via 32-bit integer overflow in MAT decoder...

CVE-2026-28687

ImageMagick (MSL decoder) is affected by a heap use-after-free in the MSL decoding path prior to 7.1.2-16 and 6.9.13-41. A freed memory access is triggered by crafting an MSL file, leading to potential memory corruption. The issue is fixed in 7.1.2-16 and 6.9.13-41. Remediation: upgrade to those ...

CVE-2018-25193

Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service...

CVE-2018-25193 Mongoose Web Server 6.9 Denial of Service via Socket Connection

Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service...

CVE-2025-70849

Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy CSP or adequate Content-Type validation, leading to Stored...

CVE-2025-70849

Summary (Podinfo CVE-2025-70849) Podinfo (

Johnson Controls iSTAR Configuration Utility security vulnerability

Johnson Controls iSTAR Configuration Utility is a software tool developed by Johnson Controls for configuring and managing iSTAR Controllers. Versions of the ICU 6.9.7 and earlier contain security vulnerabilities; these vulnerabilities stem from stack buffer overflows, which may lead to operating...

CVE-2025-67931

Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulletproof-security allows Retrieve Embedded Sensitive Data.This issue affects BulletProof Security: from n/a through = 6.9...

CVE-2025-67931 WordPress BulletProof Security plugin <= 6.9 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulletproof-security allows Retrieve Embedded Sensitive Data.This issue affects BulletProof Security: from n/a through = 6.9...

CVE-2025-67931 WordPress BulletProof Security plugin <= 6.9 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulletproof-security allows Retrieve Embedded Sensitive Data.This issue affects BulletProof Security: from n/a through = 6.9...

EUVD-2025-28096

Malicious code in bioql PyPI...