Lucene search

95 matches found

ATTACKERKB
added 2026/03/19 11:5 p.m. | 2 views

CVE-2026-29189

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the SuiteCRM REST API V8 has missing ACL (Access Control List) checks on several endpoints, allowing authenticated users to access and manipulate data they...

CVSS 8.1 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/03/19 11:5 p.m. | 1 views

CVE-2026-29189 SuiteCRM has a REST API V8 IDOR: Missing ACL Checks on User Preferences and Relationship Endpoints

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the SuiteCRM REST API V8 has missing ACL (Access Control List) checks on several endpoints, allowing authenticated users to access and manipulate data they...

CVSS 8.1 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 4

EUVD
added 2026/03/19 8:30 p.m. | 4 views

EUVD-2026-13227

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the optional FaxSMS module (oe-module-faxsms) allows any authenticated OpenEMR user to invoke controller methods — including getNotificationLog, whic...

CVSS 5.4 | AI score 5.9 | EPSS 0.00081
Exploits: 1 | References: 2

SUSE Linux
added 2026/01/21 8:4 a.m. | 4 views

Security update for libvirt

This update for libvirt fixes the following issues:
- CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots (bsc1253703)
- CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML (bsc1253278)
Patch Instructions: To install this SUSE update use the SUSE...

CVSS 6.9 | AI score 5.5 | EPSS 0.00109
Exploits: 0 | References: 8

OSV
added 2026/01/09 8:1 a.m. | 0 views

SUSE-SU-2026:0079-1 Security update for libvirt

This update for libvirt fixes the following issues:
Security fixes:
- CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots (bsc1253703)
- CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML (bsc1253278)
Other fixes:
- libvirt-supportconfig: Add support...

CVSS 5.5 | AI score 5.8 | EPSS 0.00109
Exploits: 0 | References: 6

SUSE Linux
added 2026/01/08 12:22 p.m. | 5 views

Security update for libvirt

This update for libvirt fixes the following issues:
- CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots (bsc1253703)
- CVE-2025-12748: Fixed Check ACLs before parsing the whole domain XML (bsc1253278)
Patch Instructions: To install this SUSE update use the SUSE...

CVSS 6.9 | AI score 7.1 | EPSS 0.00109
Exploits: 0 | References: 8

Positive Technologies
added 2026/01/01 12:0 a.m. | 1 views

PT-2026-29244

Name of the Vulnerable Software and Affected Versions: versions prior to the fix for CVE-2026-24029
Description: When the early acl drop or earlyACLDrop in Lua option is disabled, and a DNS over HTTPs frontend is utilizing the nghttp2 provider, the Access Control List (ACL) check is bypassed. This...

CVSS 8.2 | AI score 5 | EPSS 0.00014
Exploits: 0 | References: 25

OSV
added 2025/12/12 12:20 p.m. | 2 views

OESA-2025-2814 libvirt security update

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A flaw was discovered in libvirt in the XML file processing. More specifically, t...

CVSS 5.5 | AI score 6.6 | EPSS 0.00109
Exploits: 0 | References: 2

SUSE CVE
added 2025/11/13 12:44 a.m. | 1 views

SUSE CVE-2025-12748

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

CVSS 5.5 | AI score 8.6 | EPSS 0.00109
Exploits: 0 | References: 14

CVE
added 2025/11/11 7:49 p.m. | 420 views

CVE-2025-12748

CVE-2025-12748 is a libvirt vulnerability arising from XML file processing where parsing occurs before ACL checks, allowing a malicious XML payload with limited permissions to trigger excessive host memory allocation and a denial-of-service in the libvirt process. Connected advisories confirm aff...

CVSS 5.5 | AI score 5.9 | EPSS 0.00109
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-12861

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.00009
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-12851

Malware in sbrugna...

CVSS 5.3 | AI score 5.3 | EPSS 0.00008
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-10241

Malware in sbrugna...

CVSS 5.3 | AI score 5.4 | EPSS 0.00007
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 8 views

EUVD-2020-2693

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.12641
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-32055

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 4.8 | EPSS 0.00189
Exploits: 0 | References: 1

OSV
added 2025/04/03 2:11 p.m. | 5 views

BIT-JOOMLA-2021-23123 [20210101] - Core - com_modules exposes module names

An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leaks names of unpublished and/or inaccessible modules...

CVSS 5.3 | AI score 5.1 | EPSS 0.00007
Exploits: 0 | References: 2

OSV
added 2025/04/03 2:9 p.m. | 10 views

BIT-JOOMLA-2020-10238

An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors...

CVSS 7.5 | AI score 9.5 | EPSS 0.12641
Exploits: 1 | References: 2

Tenable Nessus
added 2024/06/03 12:0 a.m. | 16 views

RHEL 7 : cyrus-imapd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
- cyrus-imapd: Out of bounds heap read in index_urlfetch (CVE-2015-8076)
- cyrus-imapd: lmtpd component create...

CVSS 6.5 | AI score 7 | EPSS 0.02628
Exploits: 1 | References: 2

Veracode
added 2024/03/18 7:8 a.m. | 22 views

Sensitive Information Disclosure

Apache ZooKeeper is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing ACL checks in the persistent watcher feature. An attacker can monitor child znodes by attaching a persistent watcher to a parent node they already have access to. When the persistent watcher i...

CVSS 5.3 | AI score 6.7 | EPSS 0.00019
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2023/05/11 10:15 p.m. | 10 views

CVE-2023-28357

A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a membe...

CVSS 4.3 | AI score 6.8
Exploits: 0 | References: 1