202 matches found

Positive Technologies
added yesterday | 4 views

PT-2026-48892

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

CVSS 5.3 | AI score 5.3 | EPSS 0.0002
Exploits: 0 | References: 5
CBLMariner
added 3 days ago | 5 views

CVE-2026-39833 affecting package docker-compose for versions less than 2.27.0-13

CVE-2026-39833 affecting package docker-compose for versions less than 2.27.0-13. A patched version of the package is available...

CVSS 9.1 | AI score 5.4 | EPSS 0.00042
Exploits: 0
Vulnrichment
added 4 days ago | 3 views

CVE-2026-41850 Spring Framework Algorithmic Denial of Service via SpEL Expressions

Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or...

CVSS 7.5 | AI score 5.5 | EPSS 0.00016
Exploits: 0 | References: 1
OSV
added 6 days ago | 4 views

MINI-GP4V-27VP-M8R8

Bulletin has no description...

CVSS 5.3 | AI score 5.2 | EPSS 0.0005
Exploits: 0
OPENSUSE Linux
added 6 days ago | 5 views

erlang27-27.1.3-2.1 on GA media (moderate)

erlang27-27.1.3-2.1 on GA media Announcement ID: openSUSE-SU-2026:10947-1 Rating: moderate Cross-References: CVE-2025-4748 CVE-2025-48038 CVE-2025-48039 CVE-2026-21620 CVE-2026-23941 CVE-2026-23942 CVE-2026-23943 CVE-2026-28808 CVE-2026-28810 CVE-2026-32144 CVE-2026-32147 CVE-2026-42789...

CVSS 9.1 | AI score 6.8 | EPSS 0.00305
Exploits: 0
OSV
added 2026/06/04 12:21 p.m. | 3 views

MINI-6Q27-3PQQ-VVP2

Bulletin has no description...

CVSS 9.1 | AI score 5.7 | EPSS 0.00068
Exploits: 0
Tenable Nessus
added 2026/05/19 12:0 a.m. | 5 views

SUSE SLES15 Security Update : rmt-server (SUSE-SU-2026:1964-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1964-1 advisory. This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle...

CVSS 7.5 | AI score 5.9 | EPSS 0.00068
Exploits: 0 | References: 32
OSV
added 2026/05/14 3:47 p.m. | 0 views

MINI-H5CG-27MG-25MH

Bulletin has no description...

CVSS 6.5 | AI score 5.7 | EPSS 0.00042
Exploits: 0
GithubExploit
added 2026/04/29 2:46 p.m. | 88 views

Threatswarm

27 scope-enforced AI agents that run the full pentest kill-cha...

CVSS 10 | AI score 7.5 | EPSS 0.94358
Exploits: 343
OSV
added 2026/04/10 7:4 a.m. | 0 views

SUSE-SU-2026:1242-1 Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.110 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...

CVSS 7.8 | AI score 5.8 | EPSS 0.00063
Exploits: 0 | References: 13
Patchstack
added 2026/04/09 11:53 p.m. | 4 views

WordPress Online Scheduling and Appointment Booking System - Bookly plugin <= 27.0 - Unauthenticated Price Manipulation via 'tips' vulnerability

WordPress Online Scheduling and Appointment Booking System - Bookly plugin <= 27.0 - Unauthenticated Price Manipulation via 'tips' vulnerability discovered by Youssef Elouaer in WordPress Plugin Bookly versions <= 27.0...

CVSS 5.3 | AI score 5.9 | EPSS 0.00024
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/04/09 12:28 p.m. | 1 views

CVE-2026-2519 Online Scheduling and Appointment Booking System – Bookly <= 27.0 - Unauthenticated Price Manipulation via 'tips'

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due to the plugin trusting a user-supplied input without server-side validation against the configure...

CVSS 5.3 | AI score 5.7 | EPSS 0.00024
Exploits: 0 | References: 6
NVD
added 2026/04/08 7:25 p.m. | 2 views

CVE-2026-35165

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the documentrepository frontend was restricting file access, the backend endpoint was not...

CVSS 6.5 | EPSS 0.0003
Exploits: 0 | References: 1
EUVD
added 2026/04/08 5:57 p.m. | 1 views

EUVD-2026-20557

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an attacker to traverse outside of the intended directory...

CVSS 7.5 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/02 5:50 p.m. | 3 views

CVE-2026-34606 Stored XSS in Frappe LMS

Frappe Learning Management System LMS is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0...

CVSS 6.9 | AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 4
EUVD
added 2026/04/02 5:50 p.m. | 2 views

EUVD-2026-18462

Frappe Learning Management System LMS is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0...

CVSS 6.9 | AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 4
Vulnrichment
added 2026/03/30 5:6 p.m. | 1 views

CVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthur

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that...

CVSS 3.8 | AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 4
Circl
added 2026/03/27 2:50 a.m. | 5 views

CVE-2026-33701

creationtimestamp | type | source
---|---|---
2026-03-27 02:50:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhz4bjog5422
2026-03-27 03:00:30+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116298903055981699
2026-03-27 03:00:32+00:00 | seen | ...

CVSS 9.8 | AI score 5.3 | EPSS 0.00214
Exploits: 1 | References: 7
RedhatCVE
added 2026/03/26 3:7 p.m. | 5 views

CVE-2026-28809

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

CVSS 6.3 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 1
Tenable Nessus
added 2026/03/26 12:0 a.m. | 4 views

SUSE SLES15 Security Update : kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5) (SUSE-SU-2026:1002-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1002-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.110 fixes various security issues The following security issues were fixed: ...

CVSS 7.8 | AI score 6.8 | EPSS 0.00076
Exploits: 0 | References: 34