EUVD-2026-37854

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/admin.rights.php, the rights update action 'a=update' modifies group access rights including via cotauthaddgroup without calling cotcheckxg to validate th...

CVE-2026-55742 Cotonti CSRF in admin.rights.php allows privilege escalation

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/admin.rights.php, the rights update action 'a=update' modifies group access rights including via cotauthaddgroup without calling cotcheckxg to validate th...

CVE-2026-55742

Cotonti 1.0.0 (master, commit f43f1fc3) is vulnerable to CSRF in system/admin/admin.rights.php while performing the update action (a=update). The code path updates group access rights (including via cot_auth_add_group) without calling cot_check_xg() to validate an anti-CSRF token. A remote attack...

CVE-2026-55741

Cotonti 1.0.0 (master, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the admin configuration handler. The vulnerability occurs in system/admin/admin.config.php where the update action (a=update) processes POST data via cot_config_update_options() without calling cot_check_xg() t...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet8.0: aspnetcore-runtime-8.0-8.0.28-1.hum1 aarch64, x8664 aspnetcore-runtime-dbg-8.0-8.0.28-1.hum1 aarch64, x8664 aspnetcore-targeting-pack-8.0-8.0.28-1.hum1 aarch64, x8664...

ROOT-APP-PYPI-CVE-2024-3772 CVE-2024-3772 in rootio-pydantic - Patched by Root

Root has patched CVE-2024-3772 in the rootio-pydantic package for Root:PyPI. Multiple fixed versions available...

EUVD-2026-37836

The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screenaction function lacking a dedicated capability check and nonce verification — when invoked via the ?action=screen routing path...

CVE-2026-12407 E2Pdf <= 1.32.26 - Missing Authorization to Authenticated (Custom+) Arbitrary Option Update / Privilege Escalation via 'screen_action' Parameter

The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screenaction function lacking a dedicated capability check and nonce verification — when invoked via the ?action=screen routing path...

PT-2026-50791

Name of the Vulnerable Software and Affected Versions Guzzle versions prior to 7.12.1 Description In certain configurations, traffic intended to be protected by TLS on the hop to the proxy is transmitted in cleartext. This occurs when an application uses the built-in cURL handlers...

PT-2026-50783

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description This software provides hardware authentication for Linux using removable media. A race condition exists when updating a one-time pad file because a temporary file is created using the open function...

Debian dsa-6350 : firefox-esr - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6350 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6350-1 [email protected] https://www.debian.org/securit...

Critical Photon OS Security Update - PHSA-2026-5.0-0886

Updates of 'samba-client', 'nano', 'libsolv' packages of Photon OS have been released...

Important Photon OS Security Update - PHSA-2026-5.0-0885

Updates of 'rsync', 'util-linux', 'jq' packages of Photon OS have been released...

Important Photon OS Security Update - PHSA-2026-5.0-0884

Updates of 'frr', 'dotnet-runtime', 'freetype2' packages of Photon OS have been released...

Malicious code in disksweep (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a6449a8f35de848928e7f17d88c87db80e5aee40e8b53c375e07fc7d43cc05e On every import disksweep, the package's top-level src/disksweep/init.py lines 18-24 calls ctypes.CDLL on a 2.9 MB Windows binary parser.pyd shipped...

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.20.6.SP2 security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

CVE-2026-48821

Shaarli versions ≤ 0.16.1 are affected by a DOM-based XSS in the Thumbnail Synchronizer. The ThumbnailsController::ajaxUpdate backend returns unescaped bookmark titles in JSON via an AJAX response, which are injected into the DOM by thumbnails-update.js using innerHTML. This requires an administr...

EUVD-2026-37781

Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community catalog contributor to cause an installed application to be correlated to an unrelated, attacker-controlled catalog package and to execute an...

CVE-2026-10696

CVE-2026-10696 affects Devolutions UniGetUI 2026.2.0 and earlier. The root cause is an incorrectly resolved name/reference in the pinget backend, which can allow a WinGet community catalog contributor to cause an installed application to be correlated to an unrelated, attacker-controlled catalog ...

Important: Red Hat Security Advisory: xorg-x11-server security, bug fix, and enhancement update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...