CVE-2026-42998

A flaw was found in OpenStack Keystone. The application credential authentication plugin fails to verify if the user provided in an authentication request matches the owner of the application credential. This allows a remote attacker to authenticate with their own credentials while impersonating...

CVE-2026-43000

A flaw was found in OpenStack Keystone. An attacker with a member role on a project can escalate their privileges to an administrator role. This is achieved by combining an application credential impersonation vulnerability with the misuse of Keystone trusts. The system incorrectly validates...

CVE-2026-26824

A flaw was found in libxls. This vulnerability, a use of uninitialized memory, occurs in the OLE container parser when processing a specially crafted XLS file. An attacker could exploit this by providing a malicious XLS file, which may lead to application crashes or the potential disclosure of...

PT-2026-46231

Name of the Vulnerable Software and Affected Versions Progress ADC affected versions not specified Description An OS Command Injection flaw in the API of Progress ADC products allows an unauthenticated attacker to execute arbitrary commands on the LoadMaster appliance. This issue is caused by...

Octopus Server 安全漏洞

Octopus Server is a deployment automation and release management tool provided by the Australian company Octopus, used for continuous delivery. The affected versions of Octopus Server have a security vulnerability. This vulnerability stems from incorrect permission checks, allowing any...

PT-2026-46843

Summary app.mount strips the mount prefix from the incoming request path using the raw URL pathname, while route matching is performed against the percent-decoded path. This inconsistency causes the prefix to be stripped at the wrong position when the path contains percent-encoded multi-byte...

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the lack of authorization verification for the key management API endpoints involved in cellular eSIM allocation. As a result,...

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the fact that the /v1/Plan service relies entirely on a shared global API token for complete management, which may lead to the...

PT-2026-46217

HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential directives can leave a site vulnerable...

PT-2026-46299

Impact The DynamicClientRegistrationControllerregister action hard-codes confidential: false when creating applications dynamic client registration controller.rb:18-25, yet the response includes a client secret and advertises token endpoint auth methods supported: "client secret basic", "client...

MISP 安全漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes features for analyzing threats to network security and malware analysis. MISP has a security vulnerability, which...

Strawberry GraphQL 安全漏洞

Strawberry GraphQL is an open-source Python GraphQL library that utilizes type annotations. Versions 0.71.0 to 0.315.6 of Strawberry GraphQL contain security vulnerabilities. These vulnerabilities stem from the QueryDepthLimiter extension’s lack of loop detection in fragment extensions, which cou...

CVE-2026-10295

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function addreview/savereview/getallreviews of the file reviewapp.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local approac...

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

ROOT-APP-PYPI-CVE-2026-41140 CVE-2026-41140 in rootio-poetry - Patched by Root

Root has patched CVE-2026-41140 in the rootio-poetry package for Root:PyPI. Multiple fixed versions available...

Exploit for CVE-2026-26897

EcoOnline EHS Android — Deep Link Validation Bypass → WebVie...

CVE-2026-10227

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

CVE-2026-44546

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

CVE-2026-44546 Header injection via WebSocket upgrade parser differential allows ASGI scope header spoofing

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

CVE-2026-9516

A flaw was found in Cpanel::JSON::XS, a Perl module used for processing JSON data. This vulnerability allows a remote attacker to cause a denial of service DoS by providing specially crafted input that begins with a UTF-8 Byte Order Mark BOM. When a decode filter callback encounters an error with...