EUVD-2026-38428

Capgo before 12.128.2 contains an authorization bypass vulnerability in its public API key management handlers get/put/delete/post. API keys created with mode=all but restricted to a single app via limitedtoapps are only checked for limitedtoorgs and not for limitedtoapps, so an app-scoped key ca...

Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect

The Oracle Applications Framework component of Oracle E-Business Suite subcomponent: Popup windows lists of values, datepicker, etc. is impacted by open redirect issues in versions 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. These easily exploitable vulnerabilities allow unauthenticated attackers...

Twisted - Open Redirect & XSS

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The Twisted web framework's redirectTo function is vulnerable to reflected XSS if an attacker can control the redirect URL. This template tests for an open redirect and XSS vulnerability in the URL parameter...

EUVD-2026-38373

Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channelself endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary...

CVE-2026-10845

CVE-2026-10845 affects IBM WebSphere Application Server 8.5 and 9.0, where an authentication bypass could allow a remote attacker to gain unauthorized access to JAX-WS applications. The root cause is an authentication bypass vulnerability in these WAS components, exposing potential impact on conf...

Nodejs Squirrelly - Remote Code Execution

Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuratio...

Kyocera TASKalfa printer - Path Traversal

CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings. id: CVE-2023-34259 info: name: Kyocera TASKalfa printer - Path...

Astra Linux – Vulnerability in Ruby-Rack

A denial-of-service vulnerability in the multipart parsing component of Rack was fixed in versions 2.0.9.2, 2.1.4.2, 2.2.4.1, and 3.0.0.1. This vulnerability could allow attackers to craft input that causes the RFC2183 multipart boundary parsing in Rack to take an unexpectedly long time,...

Astra Linux – Vulnerability in Firefox and Thunderbird

Using XMLHttpRequest, an attacker could identify installed applications by probing error messages related to loading external protocols. This vulnerability affects Thunderbird version 91.4.0, Firefox ESR version 91.4.0, and Firefox version 95...

Security Bulletin: Aspera Applications are affected by an OpenSSL vulnerability (CVE-2016-8610)

Question Security Bulletin: Aspera Applications are affected by an OpenSSL vulnerability CVE-2016-8610 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"Al...

CVE-2026-46933

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applicatio...

CVE-2026-46926

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM Cloud Applications...

CVE-2026-46925

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the...

CVE-2026-46919

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud...

CVE-2026-46920

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud...

CVE-2026-12225

syracom AG Secure Login 2FA for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sending HTTP requests with a crafted User-Agent header containi...

EUVD-2026-37066

syracom AG Secure Login 2FA for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sending HTTP requests with a crafted User-Agent header containi...

Chromium: CVE-2026-11642 Use after free in Web Apps

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

PT-2026-50029

🚨 CVE-2026-46925 Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segmen...

PT-2026-50026

Name of the Vulnerable Software and Affected Versions Oracle Siebel CRM Siebel Cloud Manager versions 17.0 through 26.5 Description An issue in the Siebel Cloud Manager component of Oracle Siebel CRM allows an unauthenticated attacker with network access via HTTP to compromise the system...