
83 matches found

Vulnrichment
added 2026/05/22 3:29 p.m., 4 views

CVE-2026-9251

Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain access to an entry's data via a crafted status change request. This issue affects: Devolutions Serv...

AI score 5.8, EPSS 0.0003
Exploits: 0, References: 1
NCSC
added 2026/05/06 9:18 a.m., 5 views

Vulnerabilities are being addressed in the Progress MOVEit Automation system.

Progress has addressed vulnerabilities in MOVEit Automation. The vulnerability with identifier CVE-2026-4670 involves a bypass of authentication in MOVEit Automation. A malicious individual without rights can exploit this vulnerability without any user interaction being required. The second...

CVSS 9.8, AI score 6, EPSS 0.00228
Exploits: 0, References: 1
NVD
added 2026/04/24 3:16 p.m., 1 views

CVE-2026-31050

Cross Site Scripting vulnerability in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code...

CVSS 4.9, EPSS 0.00133
Exploits: 0, References: 6
Cvelist
added 2026/04/24 12:0 a.m., 21 views

CVE-2026-31051

An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Client Balance component...

EPSS 0.00213
Exploits: 0, References: 6
Vulnrichment
added 2026/04/24 12:0 a.m., 1 views

CVE-2026-31052

An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Checkout Authentication Flow component...

AI score 5.3, EPSS 0.00471
Exploits: 0, References: 5
EUVD
added 2026/04/24 12:0 a.m., 0 views

EUVD-2026-25422

Cross Site Scripting vulnerability in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code...

CVSS 4.9, AI score 5.8, EPSS 0.00133
Exploits: 0, References: 6
EUVD
added 2026/04/24 12:0 a.m., 0 views

EUVD-2026-25424

An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Checkout Authentication Flow component...

CVSS 5.3, AI score 5.3, EPSS 0.00471
Exploits: 0, References: 5
CNNVD
added 2026/04/24 12:0 a.m., 5 views

Hostbill Resource Management Error Vulnerability

Hostbill is an automated management system for server hosting and cloud services provided by the Polish company Hostbill. Versions 2025-11-24 and 2025-12-01 of Hostbill contain resource management vulnerabilities. These vulnerabilities stem from issues with the Checkout Authentication Flow...

CVSS 5.3, AI score 5.8, EPSS 0.00471
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/20 6:20 p.m., 0 views

CVE-2026-6060

A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the system. This issue affects OTRS: 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, 2026.X before 2026.3.X...

CVSS 4.5, AI score 5.7, EPSS 0.00037
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2026/03/31 12:0 a.m., 3 views

Dassault Systèmes DELMIA Factory Resource Manager Security Vulnerability

Dassault Systèmes DELMIA Factory Resource Manager is a manufacturing execution software developed by Dassault Systèmes, a French company, used for modeling factory resources and planning production processes. Versions of Dassault Systèmes DELMIA Factory Resource Manager from R2023x to R2025x...

CVSS 8.7, AI score 6.1, EPSS 0.00037
Exploits: 0, References: 1
RedhatCVE
added 2026/03/26 3:7 p.m., 3 views

CVE-2026-4562

A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation results in missing authentication. The attack may be performed from remote. The exploit has been...

CVSS 7.5, AI score 6.6, EPSS 0.00082
Exploits: 0, References: 1
EUVD
added 2026/03/25 3:31 p.m., 1 views

EUVD-2026-15402

From Panorama Web HMI, an attacker can gain read access to certain Web HMI server files, if he knows their paths and if these files are accessible to the Servin process execution account. Installations based on Panorama Suite 2022-SP1 22.50.005 are vulnerable unless update PS-2210-02-4079 or high...

CVSS 9.2, AI score 6, EPSS 0.00104
Exploits: 0, References: 2
CNNVD
added 2026/03/10 12:0 a.m., 2 views

Microsoft SQL Server Access Control Error Vulnerability

Microsoft SQL Server is a large-scale commercial database system developed by Microsoft Corporation, used under the Microsoft Windows operating system. There is an access control vulnerability in Microsoft SQL Server. Attackers can exploit this vulnerability to gain higher privileges. The followi...

CVSS 8.8, AI score 7.1, EPSS 0.00087
Exploits: 0, References: 2
CNNVD
added 2026/03/06 12:0 a.m., 2 views

QuickJS Security Vulnerability

QuickJS is a small and embeddable JavaScript engine developed by the QuickJS open-source project. The QuickJS 2025-09-13 version contains a security vulnerability. This vulnerability arises from improper memory release when processing specially crafted JavaScript inputs under low memory...

CVSS 7.5, AI score 5.8, EPSS 0.00075
Exploits: 1, References: 1
CNNVD
added 2026/02/18 12:0 a.m., 3 views

Key INFOREX Cross-Site Scripting Vulnerability

Key INFOREX is a financial and banking management system developed by the Turkish company Key. The Key INFOREX version 2025 and earlier versions had a cross-site scripting vulnerability. This vulnerability stemmed from improper input during web page generation, which could allow cross-site...

CVSS 6.3, AI score 5.7, EPSS 0.00045
Exploits: 0, References: 1
ATTACKERKB
added 2026/01/26 1:25 p.m., 2 views

CVE-2026-1283

A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file...

CVSS 7.8, AI score 5.9, EPSS 0.00015
Exploits: 0, References: 2
Adobe
added 2026/01/13 12:0 a.m., 36 views

APSB26-12 : Security update available for Adobe ColdFusion

Adobe has released security updates for ColdFusion versions 2025 and 2023. This dependency update resolves a critical vulnerability that could lead to arbitrary code execution...

AI score 6.1
Exploits: 0
Positive Technologies
added 2026/01/03 12:0 a.m., 0 views

PT-2026-1140

Name of the Vulnerable Software and Affected Versions: Nuvation Energy nCloud VPN Service versions prior to 2025-12-01. Description: A flaw exists in the Nuvation Energy nCloud VPN Service that permitted Network Boundary Bridging. This allowed for lateral client-to-client pivoting with minimal...

CVSS 9.4, AI score 6.6, EPSS 0.00082
Exploits: 0, References: 8
EUVD
added 2025/12/23 9:30 p.m., 2 views

EUVD-2025-204837

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

CVSS 7.2, AI score 5.6, EPSS 0.0001
Exploits: 1, References: 5
Vulnrichment
added 2025/12/18 2:28 p.m., 1 views

CVE-2025-64463 Out-of-Bounds Read in LVResource::DetachResource() in NI LabVIEW

There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...

CVSS 8.5, AI score 6.8, EPSS 0.00016
Exploits: 0, References: 1