PT-2026-6253
Name of the Vulnerable Software and Affected Versions: Iqonic Design KiviCare versions through 3.6.16. Description: The software contains an Improper Neutralization of Special Elements used in an SQL Command issue, specifically a Blind SQL Injection. This allows for potential unauthorized access or...
PT-2026-6233
Name of the Vulnerable Software and Affected Versions: approveme WP Forms Signature Contract Add-On versions through 1.8.2. Description: The WP Forms Signature Contract Add-On contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized access...
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2026-1226)
The remote host is missing an update for the Huawei EulerOS...
Advisory ROSA-SA-2026-3126
software: suricata 7.0.12 AXIS: ROSA-CHROME unaffected versions = suricata-7.0.12-1 affected versions suricata-7.0.12-1 CVE-ID: CVE-2025-59147 BDU-ID: 2025-12460 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Suricata Intrusion Detection and Prevention System is related to incorrect security...
PT-2026-3937
Name of the Vulnerable Software and Affected Versions: Atomberg Atomberg Erica Smart Fan Firmware version V1.0.36. Description: A flaw exists in Atomberg Atomberg Erica Smart Fan Firmware that could allow an attacker to gain sensitive information and increase their access level. This is achieved by...
MiracleLinux 8 : python-urllib3-1.24.2-5.el8 (AXSA:2021-1947:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1947:01 advisory. python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137). Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 9 : cloud-init-23.1.1-11.el9.ML.1 (AXSA:2023-7004:08)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-7004:08 advisory. cloud-init: sensitive data could be exposed in logs (CVE-2023-1786). Tenable has extracted the preceding description block directly from the MiracleLinux securi...
MiracleLinux 9 : krb5-1.21.1-4.el9 (AXSA:2024-9084:07)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9084:07 advisory. freeradius: forgery attack (CVE-2024-3596). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note that...
PT-2026-2306
Name of the Vulnerable Software and Affected Versions: Sagemcom F@st 3686 versions prior to 4.121.0. Description: A buffer overflow exists in the ippprint (Internet Printing Protocol) service. A remote attacker can potentially execute arbitrary code by sending a crafted HTTP request. Recommendations...
PT-2026-2285
Name of the Vulnerable Software and Affected Versions: Espressif ESP-IDF versions prior to 1.1.0. Description: The USB Host HID (Human Interface Device) Driver in ESP-IDF allows access to HID devices. Prior to version 1.1.0, the hid_host_device_close function can free the same usb_transfer_t twice. Th...
PT-2026-2267
Name of the Vulnerable Software and Affected Versions: Viafirma Documents version 3.7.129. Description: Weaknesses in the authorization mechanisms allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate...
PT-2026-2240
Name of the Vulnerable Software and Affected Versions: DevToys versions 2.0.0.0 through 2.0.8.0. Description: DevToys, a desktop application for developers, contains a path traversal flaw in its extension installation process. When handling extension packages (NUPKG archives), the application...
PT-2026-1806
Name of the Vulnerable Software and Affected Versions: Dell PowerProtect Data Domain versions 7.7.1.0 through 8.4.0.0; Dell PowerProtect Data Domain LTS2025 release version 8.3.1.10; Dell PowerProtect Data Domain LTS2024 release versions 7.13.1.0 through 7.13.1.40; Dell PowerProtect Data Domain LTS...
PT-2026-2189
Name of the Vulnerable Software and Affected Versions: baqend Speed Kit versions through 2.0.2. Description: A missing authorization issue exists in baqend Speed Kit due to incorrectly configured access control security levels. The issue allows exploitation of these levels. Recommendations: Update to...
PT-2026-1739
Name of the Vulnerable Software and Affected Versions: ThemeMove AeroLand versions through 1.6.6. Description: The software contains an Improper Control of Filename for Include/Require Statement issue, specifically a PHP Local File Inclusion. This allows for the inclusion of local files within the...
PT-2026-1818
Name of the Vulnerable Software and Affected Versions: Insiders Technologies GmbH e-invoice pro versions prior to release 1 Service Pack 2. Description: A flaw exists in Insiders Technologies GmbH e-invoice pro that could allow a remote attacker to cause a denial of service by using a specially...
CVE-2019-7194
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommends updating Photo Station to the latest versions...
PT-2026-2146
Name of the Vulnerable Software and Affected Versions: iccDEV versions prior to 2.3.1.2. Description: iccDEV is a set of libraries and tools for interacting with International Color Consortium (ICC) color management profiles. A heap-buffer-overflow vulnerability exists in the SIccCalcOp::Describe...
PT-2026-1629
Name of the Vulnerable Software and Affected Versions: Post Like Dislike plugin for WordPress versions prior to 1.0. Description: The Post Like Dislike plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escaping related to...
PT-2026-1820
Name of the Vulnerable Software and Affected Versions: Knowage versions prior to 8.1.37. Description: Knowage is an analytics and business intelligence suite. Versions prior to 8.1.37 contain a blind server-side request forgery issue. This allows attackers to send requests to arbitrary hosts and...