CVE-2026-46401

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after user logout. This allows attackers who obtain valid tokens to maintain persistent access to...

CVE-2025-43289

A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access sensitive user data...

GHSA-6G4J-38C6-C7FH vulnerabilities

Vulnerabilities for packages: openjdk-17-openj9, openjdk-11-openj9, openjdk-26-openj9, openjdk-21-openj9, openjdk-25-openj9, openjdk-8-openj9...

CVE-2026-46496

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting XSS vulnerability exists in versions prior to 26.0.0 due to improper sanitization of the component. The component allows javascript: URIs in the source attribute, which are executed when the page is...

CVE-2026-46392

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the saveFile endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the .htaccess rule that forces Content-Disposition: attachment on HTML...

CVE-2026-46398

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcmsrefreshtoken cookie is set without the Secure flag. This allows it to be transmitted over unencrypted HTTP, making it vulnerable to theft via packet sniffing on t...

CVE-2026-46395 HAX CMS Vulnerable to Private Key Disclosure via Broken HMAC Implementation

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the hmacBase64 function in the HAXcms Node.js backend contains two critical cryptographic implementation errors that together allow any unauthenticated attacker to extract the system’s private signing ke...

PT-2026-47039

Name of the Vulnerable Software and Affected Versions HAX CMS versions 25.0.0 through 25.x Description The haxcms refresh token cookie is configured without the Secure flag. This configuration allows the cookie to be transmitted over unencrypted HTTP connections, which enables an attacker to stea...

BIT-JAVA-MIN-2026-22016

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

PT-2026-38532

These are all security issues fixed in the libtree-sitter0 26-0.26.8-2.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-33039

WWBN AVideo is an open source video platform. In versions 25.0 and below, the plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL, but only checks the initial URL. When the initial URL responds with an HTTP redirect Location heade...

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS prior to version 26 and Apple iPadOS prior to version 26, which stems fr...

EUVD-2025-29291

Malicious code in bioql PyPI...

CVE-2025-43291

A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system...

CVE-2025-43341

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges...

CVE-2025-31254

This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to unexpected URL redirection...

PT-2025-37853

Name of the Vulnerable Software and Affected Versions: macOS versions prior to Sonoma 14.8 macOS versions prior to Tahoe 26 Description: A privacy issue was addressed by relocating sensitive data. An application may be able to access protected user data. Recommendations: Update to macOS Sonoma...

Adobe Photoshop 25.x < 25.12.3 / 26.x < 26.6 Multiple Vulnerabilities (APSB25-40)

The version of Adobe Photoshop installed on the remote Windows host is prior to 25.12.3/26.6. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb25-40 advisory. - Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Access of Uninitialized Pointer...

Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

Keycloak versions 26 and earlier are vulnerable to a denial-of-service DoS attack through improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without proper validation. This can lead to cost...

Docker AuthZ Plugin Bypass Vulnerability (GHSA-v23v-6jw2-98fq)

Docker is prone to an AuthZ plugin bypass vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:docker:docker";...