PT-2026-7651

Name of the Vulnerable Software and Affected Versions Statping-ng version 0.91.0 Description An issue allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon sns, and export API endpoints. Recommendations Apply updates to address the issu...

CVE-2025-65128

A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "nocommit" and supplying the...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in GitLab Enterprise Edition EE and...

CVE-2024-26477

An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazonsns, export endpoints...

PT-2026-7486

The Pix para Woocommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. This permits any authenticated users, such as subscribers to clear API credentials and webhook status...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were security vulnerabilities in versions prior to GitLab EE...

CVE-2025-65128

CVE-2025-65128 affects Shenzhen Zhibotong Electronics ZBT WE2001 (version 23.09.27). The web management API lacks authentication, allowing unauthenticated attackers on the local network to modify router and network configurations by calling operations ending with *_nocommit and providing the expe...

FreeBSD : Gitlab -- vulnerabilities (9d9940e7-071c-11f1-93ca-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9d9940e7-071c-11f1-93ca-2cf05da270f3 advisory. Gitlab reports: Incomplete Validation issue in Web IDE impacts GitLab CE/EE Denial of Service...

RockyLinux 8 : python-urllib3 (RLSA-2026:1254)

The remote RockyLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:1254 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...

RockyLinux 9 : python-urllib3 (RLSA-2026:1087)

The remote RockyLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:1087 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...

RockyLinux 10 : python-urllib3 (RLSA-2026:1086)

The remote RockyLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:1086 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...

CVE-2026-1080

GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API...

GHSA-CP6G-7HQX-QXHP mongo-go-driver has Heap Out-of-Bounds Read in GSSAPI Error Handling

The mongo-go-driver repository contains CGo bindings for GSSAPI Kerberos authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not...

Heap Out-of-Bounds Read in Go Driver GSSAPI C Wrappers enables application crash or information leak

The mongo-go-driver repository contains CGo bindings for GSSAPI Kerberos authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not...

CVE-2026-25530 Kanboard is missing authorization check in getSwimlane API allows cross-project data access

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...

CVE-2026-25530 Kanboard is missing authorization check in getSwimlane API allows cross-project data access

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...

CVE-2025-11004

The Simplicity Device Manager Tool has a Reflected XSS Cross-site-scripting vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack. These APIs can affect confidentiality, integrity, and availability of the system that has Simplicity Device...

Description of the security update for SharePoint Server 2016: February 10, 2026 (KB5002841)

Description of the security update for SharePoint Server 2016: February 10, 2026 KB5002841 Summary Important: If you're currently running SharePoint Workflow Manager, you must install the SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you're...

CVE-2025-11004 Reflected XSS vulnerability in Simplicity Device Manager tool

The Simplicity Device Manager Tool has a Reflected XSS Cross-site-scripting vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack. These APIs can affect confidentiality, integrity, and availability of the system that has Simplicity Device...

CVE-2025-11004

The vulnerability CVE-2025-11004 is a reflected XSS in several API endpoints of the Simplicity Device Manager Tool. An attacker on the same network can exploit the issue, potentially affecting confidentiality, integrity, and availability of the system hosting the tool. The CVSS v4.0 vector indica...