Update 26.12 for Microsoft Dynamics 365 Business Central 2025 Release Wave 1 (Application Build 26.12.48244, Platform Build 26.0.48120)
Update 26.12 for Microsoft Dynamics 365 Business Central 2025 Release Wave 1 Application Build 26.12.48244, Platform Build 26.0.48120 Overview This update replaces previously released updates. You should always install the latest update. After you install this hotfix, you might have to update your...
GHSA-RM98-82FR-MCFX phpMyFAQ's Missing CONFIGURATION_EDIT Permission Check on 12 Admin API Configuration Tab Endpoints Allows Information Disclosure by Any Authenticated User
Summary 12 endpoints in ConfigurationTabController.php use the userIsAuthenticated login-only check instead of userHasPermission with PermissionType::CONFIGURATION_EDIT. This allows any authenticated user, including ones with zero admin permissions, to enumerate system configuration metadata including the...
GHSA-38M8-XRFJ-V38X phpMyFAQ: Path Traversal - Arbitrary File Deletion in MediaBrowserController
Summary The MediaBrowserController::index method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory path without any path traversal validation. The FILTER_SANITIZE_SPECIAL_CHARS filter...
CVE-2026-2366 Keycloak: keycloak: information disclosure via authorization bypass in admin api
A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim'...
CVE-2020-36968
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for al...
CVE-2025-14083
CVE-2025-14083 concerns the Keycloak Admin REST API, where an improper access-control flaw allows exposure of backend schema and rules. Affected component: Keycloak Admin REST API; consequence: potential information disclosure and targeted privilege-escalation paths via exposed internal configura...
CVE-2011-0287
Unspecified vulnerability in the BlackBerry Administration API in Research In Motion RIM BlackBerry Enterprise Server BES software 5.0.1 through 5.0.3, and BlackBerry Enterprise Server Express software 5.0.1 through 5.0.3, allows remote attackers to read text files or cause a denial of service vi...
CVE-2025-12519
Missing Authorization vulnerability in Centreon Infra Monitoring Administration parameters API endpoint modules allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring...
EUVD-2011-0313
Malware in sbrugna...
SUSE CVE-2025-27507
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. ZITADEL's Admin API contains Insecure Direct Object Reference IDOR vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While...
CVE-2024-1259
A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument apppicurl leads to unrestricted upload. The...
Security Bulletin: IBM App Connect Enterprise is vulnerable to an information disclosure and a denial of service. (CVE-2024-22317)
Summary The remote administration API in IBM App Connect Enterprise is vulnerable to an information disclosure and denial of service vulnerability due to improper Brute Force protection. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details...