CVE-2026-45677
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML integration does not verify the signature on inbound LogoutRequest messages. An unauthenticated remote attacker who knows a...
CVE-2026-56270
Flowise (FlowiseAI) before 3.1.0, including 3.0.13 and earlier, exposes a missing authentication vulnerability at /api/v1/loginmethod that allows unauthenticated retrieval of an organization’s complete SSO configuration, including OAuth client secrets in cleartext, by passing an organizationId. T...
UBUNTU-CVE-2026-56376
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-fr...
CVE-2026-46072 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46072 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-12602
Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software’s default installation, whereby the main executable and other programme files located in C:\Program Files have excessive...
Astra Linux – Vulnerability in Firefox
One phishing tactic on the internet involves providing a link with HTTP Auth. For example, it might look like “https://[email protected]”. To mitigate this type of attack, Firefox will display a warning dialog box. However, this warning dialog would not be shown if evil.com used a...
Astra Linux – Vulnerability in Firefox
Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs in Firefox 95. Some of these bugs exhibited signs of memory corruption, and we believe that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects...
Astra Linux – Vulnerability in Python-Django
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with appropriately crafted file names...
PT-2026-51060
Name of the Vulnerable Software and Affected Versions: Faraday versions prior to 2.14.2-2-g59334e0. Description: Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder, decodes nested query strings without enforcing a maximum nesting depth. An attacker can provide a crafted...
EUVD-2025-210251
Unauthenticated Cross Site Scripting XSS in Avante 3.0.5 versions...
CVE-2026-49113
Subscriber Arbitrary Code Execution in Cornerstone 7.8.8 versions...
CVE-2026-39582
Unauthenticated Local File Inclusion in Hitek 1.8.3 versions...
CVE-2026-34894
Unauthenticated Local File Inclusion in Integrio Core 1.2.8 versions...
DEBIAN-CVE-2026-12446
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
CVE-2025-69161
Unauthenticated Local File Inclusion in Snowy = 1.13 versions...
CVE-2025-69140 WordPress SweetDate Core plugin < 1.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in SweetDate Core 1.1.5 versions...
CVE-2026-49107
CVE-2026-49107 concerns unauthenticated PHP Object Injection in the WordPress Thrive Apprentice plugin for versions below 10.8.10.2. The vulnerability is described as an unauthenticated PHP Object Injection, affecting Thrive Apprentice, with a CVSS v3.1 base score of 9.8 (CRITICAL) and an attack ...
CVE-2026-49084
JetEngine (WordPress plugin) versions earlier than 3.8.9.1 are affected by unauthenticated SQL Injection. The vulnerability is described as a high-severity (CVSS 3.1: 9.3) issue with network access and no required privileges, impacting confidentiality. A fix is available in 3.8.9.1 and later; upg...
CVE-2026-34895
The CVE covers WordPress Softlab Core plugin, versions prior to 1.2.11, affected by an unauthenticated Local File Inclusion. The root cause is an LFI flaw in Softlab Core
CVE-2026-27395 WordPress Support Board plugin < 3.8.9 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in Support Board 3.8.9 versions...