270 matches found
PT-2026-45880
Name of the Vulnerable Software and Affected Versions: GLPI versions 11.0.0 through 11.0.6. Description: An issue exists where a technician can store a Cross-Site Scripting (XSS) payload within ITIL costs. XSS is a type of security flaw that allows an attacker to inject malicious scripts into web page...
CVE-2026-37711
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-al...
UBUNTU-CVE-2026-46640
Unknown description...
Astra Linux - vulnerability in tar
In GNU tar before version 1.35, mishandling of extension attributes in a PAX archive can cause the application to crash in xheader.c...
SUSE CVE-2026-43862
In mutt before 2.3.2, the imapauthgss security level is mishandled...
CVE-2026-35240
CVE-2026-35240 describes a vulnerability in Oracle MySQL Server (component: Server: Optimizer) affecting 8.0.0–8.0.45, 8.4.0–8.4.8, and 9.0.0–9.6.0. The flaw allows a highly privileged attacker who can access the server over multiple network protocols to cause a hang or a repeatedly crashing stat...
CVE-2026-34292
...
CVE-2026-21998
...
CVE-2021-47960
A flaw was found in Synology SSL VPN Client. This vulnerability allows remote attackers to access sensitive files within the installation directory. By leveraging user interaction with a specially crafted web page, attackers can exploit a local HTTP server bound to the loopback interface to...
CVE-2026-3994
A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X8664::initializesections of the file src/input-files.cc of the component Object File Handler. Performing a manipulation results in heap-based buffer overflow. Attacking locally is a...
CVE-2026-4515 Foundation Agents MetaGPT operator.py code_generate code injection
A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...
WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Client Invoicing by Sprout Invoices versions <= 20.8.10...
CVE-2025-14456
IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1...
CVE-2026-21986
CVE-2026-21986 (Oracle VM VirtualBox) affects the Core component in Oracle VM VirtualBox, with affected releases 7.1.14 and 7.2.4. The issue can be exploited by a user who has logon to the infrastructure where VirtualBox runs, yielding an unauthenticated-like access path via a local attack vector...
CVE-2026-21966
...
CVE-2026-21938
...
CVE-2025-15032
Dia for macOS before 1.9.0 is vulnerable to spoofing of the window title due to a missing about:blank indicator in custom-sized new windows. The root cause is the absence of a visual cue (about:blank indicator) that can mislead users about the current site. Affected product: Dia (macOS). Impact: ...
kea: Invalid characters cause assert
A flaw was found in Kea. A remote attacker can send specific option content to the kea-dhcp4 server. When the server is configured with specific parameters, an assertion failure can be triggered and cause the kea-dhcp4 process to exit unexpectedly, resulting in a denial of service...
EUVD-2025-81794
Malicious code in glamorousladybug0xrequest npm...
PT-2025-46438
Name of the Vulnerable Software and Affected Versions: Intel(R) PROSet/Wireless WiFi Software for Windows versions prior to 23.160. Description: An out-of-bounds write issue exists in Intel(R) PROSet/Wireless WiFi Software for Windows. This flaw, located within Ring 2: Device Drivers, could allow for a...