EUVD-2026-24506

nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulating workspace path parameters in endpoints such as /api/session/new, /api/session/update,...

CVE-2026-41126

BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds...

PowerDNS Authoritative Server 输入验证错误漏洞

The PowerDNS Authoritative Server is a DNS server developed by the Dutch company PowerDNS. There is a vulnerability in input validation of the PowerDNS Authoritative Server. This vulnerability arises from operations conducted by administrators who are allowed to use the REST API. Such actions may...

PT-2026-34285

Name of the Vulnerable Software and Affected Versions CalJ versions prior to 1.6 Description The CalJ plugin for WordPress contains a missing authorization flaw. The CalJSettingsPage class constructor processes the 'save-obtained-key' operation from POST data without verifying if the user possess...

TL-RL-FusionNet: An Adaptive and Efficient Reinforcement Learning-Driven Transfer Learning Framework for Detecting Evolving Ransomware Threats

Modern ransomware exhibits polymorphic and evasive behaviors by frequently modifying execution patterns to evade detection. This dynamic nature disrupts feature spaces and limits the effectiveness of static or predefined models. To address this challenge, we propose TL-RL-FusionNet, a reinforceme...

VulnCheck KEV: CVE-2024-32114

In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context where the Jolokia JMX REST API and the Message REST API are located. It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker using Jolokia J...

PT-2026-34611

Name of the Vulnerable Software and Affected Versions monetr versions prior to 1.12.5 Description A server-side request forgery SSRF issue in the Lunch Flow integration allows authenticated users on self-hosted instances to force the server to send HTTP GET requests to arbitrary URLs. The respons...

PT-2026-34568

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new...

PT-2026-34247

CVE-2026-6834 The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specif… https://t.co/30wrzM11aW...

PT-2026-34470

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 12.4 through 18.9.5 GitLab CE/EE versions 18.10 through 18.10.3 GitLab CE/EE versions 18.11 through 18.11.0 Description An issue exists where an authenticated user can cause a denial of service by overwhelming system...

PT-2026-34448

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An operator with access to the REST API can cause the Authoritative server to generate invalid HTTPS or SVCB record data. This action can lead to corruption of t...

Jellystat SQL注入漏洞

Jellystat is a free and open-source statistical application developed by Thegan Govender as an individual project. Versions of Jellystat prior to 1.1.10 contained a SQL injection vulnerability. This vulnerability stemmed from multiple API endpoints that constructed queries by directly inserting...

Gitlab -- vulnerabilities

Gitlab reports: Cross-Site Request Forgery issue in GraphQL API impacts GitLab CE/EE GitLab Improper Resolution of Path Equivalence issue in Web IDE asset impacts GitLab CE/EE Cross-site Scripting issue in Storybook impacts GitLab CE/EE Denial of Service issue in discussions endpoint impacts GitL...

WordPress plugin CalJ 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-33747

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for...

Linux Distros Unpatched Vulnerability : CVE-2026-35587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery SSRF vulnerability exists in the Glances ...

Linux Distros Unpatched Vulnerability : CVE-2026-34839

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a REST API /api/4/ that is accessible...

PT-2026-34374

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the virtio net driver when it is configured with napi tx=N and the IFF XMIT DST RELEASE flag is cleared, such as during the configuration of tc route...

CVE-2026-41126

BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds...

CVE-2026-41126 BigBlueButton has Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL"

BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling of requests with incorrect checksum so that the default logoutURL is used. No known workarounds...