CVE-2026-44547

CVE-2026-44547 affects ChurchCRM 7.2.0–7.2.2, where an incomplete fix for CVE-2026-4058 left the public login path exploitable. The hardening commit was merged but silently stripped from src/api/routes/public/public-user.php before any 7.2.x tag was cut, so all 7.2.x releases remain vulnerable. T...

BIT-JAVA-2020-2659

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols...

CVE-2026-23479

Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger...

CVE-2026-2311

CVE-2026-2311 affects IBM i releases 7.6, 7.5, 7.4, 7.3, and 7.2. The root cause is an invalid authorization check in the IBM i Web Administration GUI, enabling privilege escalation where a malicious actor could cause user‑controlled code to execute with administrator privileges. Impact is high (...

CVE-2026-2311 IBM i is affected by a privilege escalation vulnerability in Web Administration GUI []

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...

PT-2026-36207

Name of the Vulnerable Software and Affected Versions IBM i versions 7.2 through 7.6 Description An invalid authorization check in the IBM i Web Administration GUI allows for privilege escalation. This flaw enables a malicious actor to execute user-controlled code with administrator privileges...

CVE-2026-21988

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVE-2026-21988

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

CVE-2026-21963

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...

AIX is vulnerable to potential code execution (CVE-2025-61984 CVE-2025-61985) due to OpenSSH

IBM SECURITY ADVISORY First Issued: Tue Jan 6 13:47:51 CST 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opensshadvisory20.asc Security Bulletin: AIX is vulnerable to potential code execution CVE-2025-61984, CVE-2025-61985 due to...

PT-2026-3710

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox versions 7.1.14 and 7.2.4 Description An easily exploitable issue exists in the Oracle VM VirtualBox Core component, potentially allowing a high-privileged attacker with access to the system where Oracle VM VirtualBox runs...

EUVD-2025-202280

Multiple Improper Limitations of a Pathname to a Restricted Directory 'Path Traversal' vulnerabilities CWE-22 vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 may allow a privileged authenticated attacker to write arbitrary files via specifically HTTP or...

PT-2025-50123

Name of the Vulnerable Software and Affected Versions Fortinet FortiVoice versions 7.0.0 through 7.0.7 Fortinet FortiVoice versions 7.2.0 through 7.2.2 Description The software contains multiple improper limitations of a pathname to a restricted directory, also known as 'Path Traversal' issues. A...

WordPress Stylish Price List plugin <= 7.2.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Stylish Price List versions = 7.2.2...

Linux Distros Unpatched Vulnerability : CVE-2025-62587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Easily...

CVE-2025-36371

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an information vulnerability in the database plan cache implementation. A user with access to the database plan cache could see information they do not have authority to view...

CVE-2025-36371

Summary: CVE-2025-36371 affects IBM i versions 7.2–7.6. The vulnerability is an information disclosure in the database plan cache implementation that could allow a user with database plan cache access to see information they are not authorized to view. Affected products/versions: IBM i 7.2, 7.3, ...

IBM i 安全漏洞

IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i versions 7.2, 7.3, 7.4, 7.5, and 7.6, which stems from a problem with the implementation of the database plan cache and could...

Fortinet FortiVoice SQL注入漏洞

Fortinet FortiVoice is a Unified Communications and Collaboration-as-a-Service from Fortinet, Inc. A SQL injection vulnerability exists in Fortinet FortiVoice versions 7.2.0 through 7.2.2 and 7.0.0 through 7.0.7, which stems from improperly neutralized SQL commands and could lead to the execution...

PT-2025-44724

Name of the Vulnerable Software and Affected Versions IBM i versions 7.2 through 7.6 Description IBM i is susceptible to a privilege escalation issue stemming from an incorrect IBM i SQL services authorization check. An attacker can exploit this to leverage the privileges of another user profile...