CVE-2026-42176

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer token that is accepted as an admin API token. Once that setting is changed, the target email address...

CVE-2026-42185

CVE-2026-42185 - People (La Suite): Prior to version 1.25.0, an authenticated user with Administrator on a mail domain could send a crafted invitation to elevate any user to Owner, yielding full domain ownership without the target’s acceptance. This is a privilege-escalation in the invitation flo...

CVE-2026-44127 Local File Inclusion (LFI) and Arbitrary File Deletion

SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the...

CVE-2026-7475

The Sky Addons (WordPress) plugin, specifically Sky Elementor Addons with Widgets & Templates versions

Improper Authorization

github.com/mattermost/mattermost-server is vulnerable to improper authorization. The vulnerability is due to insufficient validation of team membership permissions in the Add Channel Member API, which allows an attacker to exploit the API endpoint to access user metadata and channel membership...

Cross-site Scripting (XSS)

Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the cmis-online/type process. An attacker can execute arbitrary scripts in the context of a user's browser by...

BIT-JRE-2026-34268

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0....

BIT-JRE-2025-10911 Libxslt: use-after-free with key data stored cross-rvt

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

BIT-JRE-2020-2590

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

Security Bulletin: Due to the use of IBM WebSphere Application Server, IBM DevOps Code ClearCase is affected by multiple vulnerabilities.

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - April 2026 Java CPU

Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

CVE-2026-8129

SourceCodester SUP Online Shopping 1.0 is affected. The vulnerability targets wishlist.php via manipulation of the delwlistid parameter, causing SQL injection. This can be exploited remotely, and public exploits have been disclosed. CVSS data across versions indicates a high-severity impact (AV:N...

People 安全漏洞

People is an open-source user and team permission management application developed by La Suite numérique. Versions of People prior to 1.25.0 contained a security vulnerability. This vulnerability allowed users with the role of email domain administrators to elevate any existing user to the owner...

SmarterTools SmarterMail 路径遍历漏洞

SmarterTools SmarterMail is a set of email server software developed by SmarterTools Corporation. This software supports features such as spam filtering, data statistics, and Simple Mail Transfer Protocol SMTP authentication. Previous versions of SmarterTools SmarterMail version 9560 contained a...

PT-2026-39247

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The PCF handler for the endpoint "/npcf-policyauthorization/v1/app-sessions" contains a flaw that causes a runtime panic when processing a specific authenticated request. This occurs when the...

PT-2026-38688

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...

PT-2026-38808

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM...

PT-2026-38846

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

PT-2026-38826

Vulnerability in Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

EUVD-2026-28419

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...