17 matches found

RedhatCVE
added 2026/03/06 1:34 a.m. · 2 views

CVE-2026-26377

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function...

CVSS 5.4 · AI score 6.3 · EPSS 0.0007
Exploits 1 · References 1
OSV
added 2026/03/05 4:16 p.m. · 3 views

CVE-2026-26377

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function...

CVSS 5.4 · AI score 6.2 · EPSS 0.0007
Exploits 1 · References 3
Positive Technologies
added 2026/03/05 12:0 a.m. · 1 views

PT-2026-23454

Name of the Vulnerable Software and Affected Versions: Koha versions 25.11 and earlier. Description: A Cross Site Scripting issue exists in Koha. A remote attacker may be able to execute arbitrary code through the News function. The issue allows for the injection of malicious scripts into web pages...

CVSS 5.4 · AI score 6.1 · EPSS 0.0007
Exploits 1 · References 5
ATTACKERKB
added 2026/02/09 8:17 p.m. · 3 views

CVE-2026-25740

captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability binding to privileged ports, spoofing localho...

CVSS 5.8 · AI score 5.8 · EPSS 0.00007
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2026/02/02 10:47 p.m. · 23 views

CVE-2026-25137 NixOS Odoo database and filestore publicly accessible with default odoo configuration

The NixOS Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS-based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoo's file store...

CVSS 9.1 · EPSS 0.00039
Exploits 0 · References 3
Positive Technologies
added 2026/02/02 12:0 a.m. · 5 views

PT-2026-5726

Name of the Vulnerable Software and Affected Versions: Odoo versions 21.11 through 25.10; Odoo versions 26.05. Description: The NixOS Odoo package, an open source ERP and CRM system, exposes the database manager without authentication. This allows unauthorized actors to delete and download the entire...

CVSS 9.1 · AI score 5.4 · EPSS 0.00039
Exploits 0 · References 13
OSV
added 2025/12/11 12:16 p.m. · 0 views

CVE-2025-46266

A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 25.11 for Windows allows malicious actors to coerce the service into transmitting data to an arbitrary internal IP address, potentially leaking sensitive information...

CVSS 6.5 · AI score 5.9
Exploits 0 · References 1
NVD
added 2025/12/11 12:16 p.m. · 4 views

CVE-2025-12687

A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 25.11 for Windows allows malicious actors to cause a denial of service (application crash) via a crafted command, resulting in service termination...

CVSS 6.5 · EPSS 0.00038
Exploits 0 · References 1
Cvelist
added 2025/12/11 11:24 a.m. · 25 views

CVE-2025-44016 File Hash Validation Bypass in NomadBranch.exe

A vulnerability in TeamViewer DEX Client (former 1E client) - Content Distribution Service (NomadBranch.exe) prior to version 25.11 for Windows allows malicious actors to bypass file integrity validation via a crafted request. By providing a valid hash for a malicious file, an attacker can cause the...

CVSS 8.8 · EPSS 0.00061
Exploits 0 · References 1
Positive Technologies
added 2025/12/11 12:0 a.m. · 2 views

PT-2025-50589

Name of the Vulnerable Software and Affected Versions: TeamViewer DEX Client versions prior to 25.11. Description: A flaw exists in the Content Distribution Service (NomadBranch.exe) of TeamViewer DEX Client, potentially leading to a denial of service. Specifically, a crafted command can cause the...

CVSS 6.5 · AI score 6.6 · EPSS 0.00038
Exploits 0 · References 7
Vulnrichment
added 2025/11/17 9:38 p.m. · 3 views

CVE-2025-64766 NixOS has hardcoded credentials in Onlyoffice module

NixOS's Onlyoffice is a software suite that offers online and offline tools for document editing, collaboration, and management. In versions from 22.11 to before 25.05 and versions before Unstable 25.11, a hard-coded secret was used in the NixOS module for the OnlyOffice document server to protec...

CVSS 5.3 · AI score 6.4 · EPSS 0.00049
Exploits 0 · References 5
EUVD
added 2025/11/07 2:58 a.m. · 1 views

EUVD-2025-38234

Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use TOCTOU...

CVSS 10 · AI score 6.2 · EPSS 0.00097
Exploits 0 · References 1
OSV
added 2025/10/29 10:13 p.m. · 1 views

GHSA-GRJP-54V3-C442 OpenUSD File Parsing Use-After-Free Remote Code Execution Vulnerability

Patch: This is fixed with commit b953092, with the fix available in OpenUSD 25.11 and onwards. Summary: We have been advised by Zero Day Initiative that our usage of the USD framework may constitute a Use-After-Free Remote Code Execution Vulnerability. They have sent us the attached file illustrati...

CVSS 6.9 · AI score 7.4
Exploits 0 · References 3
Positive Technologies
added 2024/11/12 12:0 a.m. · 3 views

PT-2024-8728 · Adobe · Photoshop

Name of the Vulnerable Software and Affected Versions: Adobe Photoshop Desktop versions 24.7.3, 25.11 and earlier Description: The issue is related to an Integer Underflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...

CVSS 7.8 · AI score 7.8 · EPSS 0.00201
Exploits 0 · References 6
OSV
added 2024/09/13 10:15 a.m. · 0 views

CVE-2024-43756

Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 · AI score 6.3
Exploits 0 · References 1
Positive Technologies
added 2024/09/10 12:0 a.m. · 2 views

PT-2024-6346 · Adobe · Photoshop

Name of the Vulnerable Software and Affected Versions: Adobe Photoshop versions 24.7.4, 25.11 and earlier Description: The issue is related to an out-of-bounds write vulnerability in the memory, which can be exploited by opening a specially crafted malicious file. This could allow an attacker to...

CVSS 7.8 · AI score 7.9 · EPSS 0.00289
Exploits 0 · References 8
Tenable Nessus
added 2024/08/13 12:0 a.m. · 21 views

Adobe Photoshop 24.x < 24.7.4 / 25.x < 25.11 Vulnerability (APSB24-49)

The version of Adobe Photoshop installed on the remote Windows host is prior to 24.7.4/25.11. It is, therefore, affected by a vulnerability as referenced in the apsb24-49 advisory. - Photoshop Desktop versions 24.7.3, 25.9.1 and earlier are affected by a Use After Free vulnerability that could...

CVSS 7.8 · AI score 6.4 · EPSS 0.00165
Exploits 0 · References 2