libXpm vulnerable to out-of-bounds read

Overview libXpm provided by X.Org Foundation incorrectly handles malformed XPM files, leading to an out-of-bounds read vulnerability. Out-of-bounds read CWE-125 - CVE-2026-4367 Naoki Wakamatsu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

CVE-2026-8256

CVE-2026-8256 affects Devs Palace ERP Online up to version 4.0.0. The vulnerability occurs in unknown code within the file /accounts/mr-save and enables cross-site scripting (XSS) when the application is processed remotely. Public exploit information is present in the description, and the vendor ...

CVE-2026-8255 Devs Palace ERP Online add_new_customer cross site scripting

A weakness has been identified in Devs Palace ERP Online up to 4.0.0. This affects an unknown part of the file /inventory/addnewcustomer. This manipulation causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be used for...

Support Statement — Nutanix Mine with Veeam End of Life

Details Nutanix Mine with Veeam reached End-of-Life on 2026-04-30. As of this date, technical support cases may no longer be opened, and no further software or security updates will be provided. For more information, see the Nutanix EOL Announcement Bulletin - Nutanix Mine, released 2025-04-30...

Grav 代码注入漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained a code injection vulnerability. This vulnerabili...

Unity Linux 20.1060e / 20.1070e Security Update: curl (UTSA-2026-017504)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017504 advisory. curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in the HTTP Referer:...

Debian dla-4578 : rails - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4578 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4578-1 [email protected] https://www.debian.org/lts/security/...

CVE-2022-50966 uBidAuction 2.0.1 news manage Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...

CVE-2022-50965 uBidAuction 2.0.1 posts manage Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...

CVE-2026-8244

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. The exploi...

EUVD-2026-28991

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high...

CVE-2026-8242

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high...

CVE-2026-8243

A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be performed from remote. The vendor was...

CVE-2026-8241

A vulnerability has been found in Industrial Application Software IAS Canias ERP 8.03. The affected element is the function iasGetServerInfoEvent of the component RMI Interface. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed ...

CVE-2026-8244 Industrial Application Software IAS Canias ERP Login RMI improper authentication

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. The exploi...

CVE-2026-8244 Industrial Application Software IAS Canias ERP Login RMI improper authentication

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This impacts an unknown function of the component Login RMI Interface. The manipulation of the argument clientVersion leads to improper authentication. It is possible to initiate the attack remotely. The exploi...

CVE-2026-8244

CVE-2026-8244 affects Industrial Application Software IAS Canias ERP 8.03, specifically the Login RMI Interface. The vulnerability arises from manipulation of the clientVersion argument, leading to improper authentication. Attacks can be initiated remotely, and exploits are publicly available. Th...

Malicious code in web3-py-checksum (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4b2052172f5c854b2e91f6bdc9336a97469cd161372621a1880d9cd1e3ad426a The code silently exfiltrates the private key of a crypto account. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...

CVE-2026-8243 Industrial Application Software IAS Canias ERP JNLP Deployment Endpoint hard-coded key

A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be performed from remote. The vendor was...

CVE-2026-8243

The CVE-2026-8243 entry concerns Industrial Application Software IAS Canias ERP 8.03, affecting the JNLP Deployment Endpoint. The description indicates that manipulating this endpoint can lead to use of a hard-coded cryptographic key, with the attack potentially executable from a remote location....