
8014 matches found

SUSE CVE
added 2026/03/20 12:24 a.m., 2 views

SUSE CVE-2026-32632

Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...

5.9 CVSS, 5.8 AI score, 0.0016 EPSS
Exploits: 1, References: 3

CNNVD
added 2026/03/20 12:0 a.m., 5 views

SyncFusion Security Vulnerability

SyncFusion is a set of enterprise-level UI component development tools provided by the American company SyncFusion. Version 30.1.37 of SyncFusion contains a security vulnerability. This vulnerability stems from the Document-Editor’s reply comment field and Chat-UI chat messages, and could lead to...

5.4 CVSS, 5.6 AI score, 0.00165 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2026/03/20 12:0 a.m., 3 views

CVE-2025-63260

SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message...

5.8 AI score, 0.00165 EPSS
Exploits: 1, References: 2

Vulnrichment
added 2026/03/19 10:46 p.m., 1 view

CVE-2026-29099 SuiteCRM has Authenticated Blind SQL Injection in OutboundEmail Legacy Functionality.

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...

8.8 CVSS, 5.9 AI score, 0.00259 EPSS
Exploits: 0, References: 2

EUVD
added 2026/03/19 10:7 p.m., 1 view

EUVD-2026-13316

OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker with leaked or...

6.8 CVSS, 5.8 AI score, 0.00381 EPSS
Exploits: 0, References: 3

EUVD
added 2026/03/19 10:6 p.m., 4 views

EUVD-2026-13288

OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files...

4.8 CVSS, 5.9 AI score, 0.00131 EPSS
Exploits: 0, References: 3

EUVD
added 2026/03/19 3:30 a.m., 3 views

EUVD-2025-208852

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...

5.4 CVSS, 5.5 AI score, 0.00136 EPSS
Exploits: 0, References: 2

CVE
added 2026/03/19 1:55 a.m., 16 views

CVE-2025-15051

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting in the Web UI, allowing embedded JavaScript to alter functionality. The connected IBM security bulletin specifies CVE-2025-15051, with CWE-79, CVSS 3.1 base score 5.4 (UI: REQUIRED, AV:N, AC:L, PR:L; C/L/I...

5.4 CVSS, 5.5 AI score, 0.00136 EPSS
Exploits: 0, References: 1, Affected Software: 1

ATTACKERKB
added 2026/03/19 1:55 a.m., 0 views

CVE-2026-1276

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4 CVSS, 5.5 AI score, 0.00136 EPSS
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2026/03/19 1:55 a.m., 3 views

CVE-2026-1276 IBM QRadar SIEM Cross-Site Scripting

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4 CVSS, 5.5 AI score, 0.00136 EPSS
Exploits: 0, References: 1

CVE
added 2026/03/19 1:55 a.m., 16 views

CVE-2026-1276

IBM QRadar SIEM is vulnerable to cross-site scripting (CVE-2026-1276). The issue affects QRadar SIEM versions 7.5.0 up to 7.5.0 UP14, where an authenticated user can embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The linked connec...

5.4 CVSS, 5.5 AI score, 0.00136 EPSS
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2026/03/19 12:0 a.m., 7 views

PT-2026-26244

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

5.4 CVSS, 5.4 AI score, 0.00136 EPSS
Exploits: 0, References: 7

Kaspersky
added 2026/03/19 12:0 a.m., 3 views

KLA90959 Multiple vulnerabilities in Microsoft Apps

Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A tampering vulnerability in Microsoft Bing can be exploite...

7.5 CVSS, 5.8 AI score, 0.00633 EPSS
Exploits: 0, References: 5

CNVD
added 2026/03/19 12:0 a.m., 5 views

Apache Airflow Information Disclosure Vulnerability (CNVD-2026-15158)

Apache Airflow is an open-source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. Apache Airflow has an information disclosure vulnerability that stems...

4.3 CVSS, 5.9 AI score, 0.0044 EPSS
Exploits: 0, References: 1

CVE
added 2026/03/19 12:0 a.m., 7 views

CVE-2025-67112

The CVE-2025-67112 entry concerns the Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware prior to DG3934v3@2308041842, where a hard-coded AES-256-CBC key in the configuration backup/restore flow allows remote authenticated users to decrypt, modify, and re-encrypt device configurations. Th...

9.8 CVSS, 5.8 AI score, 0.00401 EPSS
Exploits: 0, References: 3

ATTACKERKB
added 2026/03/18 5:47 p.m., 3 views

CVE-2026-32632

Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...

5.9 CVSS, 5.8 AI score, 0.0016 EPSS
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2026/03/18 12:24 p.m., 5 views

MAL-2026-1590 Malicious code in @cbreone/core-ui (npm)

Source: amazon-inspector (b7e204888ba2b9573e474d804f28f51173684bb25f640615a9eaae217c5e1a45). The package @cbreone/core-ui was found to contain malicious code...

5.8 AI score
Exploits: 0

EUVD
added 2026/03/18 9:30 a.m., 2 views

EUVD-2026-12785

A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack...

6.5 CVSS, 6 AI score, 0.00378 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/03/18 7:33 a.m., 5 views

CVE-2026-22316

A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack...

6.5 CVSS, 6 AI score, 0.00378 EPSS
Exploits: 0, References: 2

CVE
added 2026/03/18 7:33 a.m., 11 views

CVE-2026-22316

The CVE-2026-22316 entry describes a remote-authenticated (webUI user) vulnerability where sending a POST request that sets the TFTP Filename triggers a stack-based buffer overflow, resulting in a DoS condition. According to sources, this is a network-accessible issue with low privileges required...

6.5 CVSS, 6 AI score, 0.00378 EPSS
Exploits: 0, References: 1