57235 matches found

SUSE CVE
added 2026/03/25 12:25 a.m. | 3 views

SUSE CVE-2026-30926

SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts (RoleReader) to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint...

CVSS 7.1 | AI score 5.9 | EPSS 0.00311
Exploits 1 | References 3

SUSE CVE
added 2026/03/25 12:25 a.m. | 5 views

SUSE CVE-2026-30943

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, an insufficient authorization check in the file replace API allows a user with only list visibility permission (UserPermListOtherUploads) to delete another user's file by abusing the...

CVSS 4.1 | AI score 5.9 | EPSS 0.00179
Exploits 0 | References 3

SUSE CVE
added 2026/03/25 12:24 a.m. | 3 views

SUSE CVE-2026-32596

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys,...

CVSS 7.5 | AI score 5.9 | EPSS 0.0155
Exploits 1 | References 3

ATTACKERKB
added 2026/03/25 12:0 a.m. | 3 views

CVE-2024-51348

A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction pointer and achieve Remote Code Execution (RCE) by sending a specially crafted HTTP request...

AI score 6.3 | EPSS 0.00408
Exploits 1 | References 3

Vulnrichment
added 2026/03/25 12:0 a.m. | 3 views

CVE-2024-51348

A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction pointer and achieve Remote Code Execution (RCE) by sending a specially crafted HTTP request...

AI score 6.3 | EPSS 0.00408
Exploits 1 | References 2

Vulnrichment
added 2026/03/25 12:0 a.m. | 4 views

CVE-2025-59706

In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution...

AI score 6.1 | EPSS 0.00527
Exploits 0 | References 3

ATTACKERKB
added 2026/03/25 12:0 a.m. | 5 views

CVE-2025-32991

In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution...

AI score 6.1 | EPSS 0.00339
Exploits 0 | References 3

Positive Technologies
added 2026/03/25 12:0 a.m. | 4 views

PT-2026-27809

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 18.5 through 18.8.6; GitLab EE versions 18.9 through 18.9.2; GitLab EE versions 18.10 through 18.10.0. Description: An improper access control issue existed in GitLab EE that allowed an unauthenticated user to access API tokens ...

CVSS 7.5 | AI score 5.9 | EPSS 0.00459
Exploits 0 | References 6

CNNVD
added 2026/03/25 12:0 a.m. | 5 views

Cisco IOS XE Software Security Vulnerability

Cisco IOS XE Software is a network operating system developed by the American company Cisco. There is a security vulnerability in Cisco IOS XE Software, which stems from insufficient validation of API endpoint parameters. This vulnerability could allow authenticated remote attackers to gain...

CVSS 5.4 | AI score 7.5 | EPSS 0.00284
Exploits 0 | References 3

CVE
added 2026/03/25 12:0 a.m. | 9 views

CVE-2024-51348

CVE-2024-51348 affects BS Producten Petcam firmware 33.1.0.0818, where the P2P API service is vulnerable to a stack-based buffer overflow in URI handling. An unauthenticated attacker within network range can craft an HTTP request to port 8001 to overflow a 260-byte stack buffer, overwrite the ins...

CVSS 8.8 | AI score 6.3 | EPSS 0.00408
Exploits 1 | References 2

Veeam
added 2026/03/25 12:0 a.m. | 33 views

Support Statement — Exchange Web Services (EWS) Deprecation

Challenge: Microsoft has announced the deprecation of Exchange Web Services (EWS) in Exchange Online, with the initial phase-out target of October 1, 2026. Veeam Backup for Microsoft 365 and Veeam Data Cloud for Microsoft 365 currently leverage EWS for Exchange Online backup functionality. Note: Thi...

AI score 5.3
Exploits 0

CNNVD
added 2026/03/25 12:0 a.m. | 7 views

Nats-Server Authorization Issue Vulnerability

Nats-Server is a high-performance server developed by Nats for use in Nats.io, cloud, and edge native messaging systems. Versions of NATS-Server prior to 2.11.15 and 2.12.6 contained an authorization vulnerability. This vulnerability stemmed from improper access control in the JetStream managemen...

CVSS 4.9 | AI score 6.4 | EPSS 0.00306
Exploits 0 | References 3

Positive Technologies
added 2026/03/25 12:0 a.m. | 4 views

PT-2026-27769

A stack-based buffer overflow vulnerability in the P2P API service in BS Producten Petcam with firmware 33.1.0.0818 allows unauthenticated attackers within network range to overwrite the instruction pointer and achieve Remote Code Execution (RCE) by sending a specially crafted HTTP request...

AI score 6.3 | EPSS 0.00408
Exploits 1 | References 3

Positive Technologies
added 2026/03/25 12:0 a.m. | 8 views

PT-2026-28163

Name of the Vulnerable Software and Affected Versions: LiquidJS versions prior to 10.25.1. Description: LiquidJS is susceptible to a denial of service condition due to insufficient memory limit enforcement within the replace first filter. The filter utilizes JavaScript's String.prototype.replace,...

CVSS 7.5 | AI score 5.8 | EPSS 0.00471
Exploits 1 | References 5

Positive Technologies
added 2026/03/25 12:0 a.m. | 9 views

PT-2026-28167

Name of the Vulnerable Software and Affected Versions: yaml versions prior to 1.10.3; yaml versions prior to 2.8.3. Description: The yaml library is susceptible to a stack overflow when parsing YAML documents. The issue occurs during the node resolution/composition phase, which uses recursive functio...

CVSS 4.3 | AI score 6 | EPSS 0.00469
Exploits 1 | References 31

GitLab Advisory Database
added 2026/03/25 12:0 a.m. | 5 views

Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect

When a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. Three other authentication paths — API tokens, CalDAV basic auth, and OpenID Connect — do not verify user status, allowing disabled or locked users to continue accessing th...

CVSS 8.1 | AI score 5.8 | EPSS 0.00453
Exploits 1 | References 9 | Affected Software 1

Grafana
added 2026/03/25 12:0 a.m. | 8 views

Missing Protected-field Authorization in Provisioning Contact Points API

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

CVSS 5.4 | AI score 5.7 | EPSS 0.00238
Exploits 0

OSV
added 2026/03/25 12:0 a.m. | 2 views

UBUNTU-CVE-2026-3608

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...

CVSS 7.5 | AI score 7.3 | EPSS 0.0105
Exploits 0 | References 3

FreeBSD
added 2026/03/25 12:0 a.m. | 12 views

Gitlab -- vulnerabilities

Gitlab reports: Improper Handling of Parameters issue in Jira Connect installations impacts GitLab CE/EE; Cross-Site Request Forgery issue in GLQL API impacts GitLab CE/EE; HTML Injection in vulnerability report impacts GitLab EE; Denial of Service issue in GraphQL API impacts GitLab CE/EE; Improper...

CVSS 8.8 | AI score 5.9 | EPSS 0.00478
Exploits 0 | References 1

NVD
added 2026/03/24 8:16 p.m. | 2 views

CVE-2026-33314

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @localcheck decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...

CVSS 6.5 | EPSS 0.00183
Exploits 1 | References 1