65176 matches found

Vulnrichment
added 2026/02/05 1:55 p.m., 5 views

CVE-2025-13491 IBM App Connect Enterprise Certified Container Information Disclosure

IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path...

CVSS 5.1, AI score 5.8, EPSS 0.00007
Exploits: 0, References: 1

Cvelist
added 2026/02/05 1:55 p.m., 27 views

CVE-2025-13491 IBM App Connect Enterprise Certified Container Information Disclosure

IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path...

CVSS 5.1, EPSS 0.00007
Exploits: 0, References: 1

RedHat Linux
added 2026/02/05 1:38 p.m., 5 views

Important: Red Hat Security Advisory: RHOAI 2.25.2 - Red Hat OpenShift AI

Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 2.25.2 provides these changes:...

CVSS 9.8, AI score 7, EPSS 0.00212
Exploits: 15, References: 17

ATTACKERKB
added 2026/02/05 12:0 a.m., 6 views

CVE-2025-68722

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...

CVSS 8.8, AI score 5.8, EPSS 0.00035
Exploits: 1, References: 3

Positive Technologies
added 2026/02/05 12:0 a.m., 3 views

PT-2026-6556

Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise Certified Container versions up to 12.19.0 (Continuous Delivery); IBM App Connect Enterprise Certified Container version 12.0 LTS (Long Term Support). Description: The software may allow an attacker to access sensitive file...

CVSS 5.1, AI score 5.4, EPSS 0.00007
Exploits: 0, References: 4

GithubExploit
added 2026/02/04 9:1 p.m., 27 views

cms-security-poc

CVE-2026-31266 - Craft CMS Missing Authorization CVE Infor...

AI score 5.8, EPSS 0.00047
Exploits: 2

RedhatCVE
added 2026/02/04 7:27 p.m., 4 views

CVE-2026-24669

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an insecure password reset mechanism allows local attackers to reuse a valid password reset token after it has already been used, enabling unauthorized password changes and...

CVSS 7.8, AI score 5.3, EPSS 0.00031
Exploits: 1, References: 1

UbuntuCve
added 2026/02/04 5:16 p.m., 1 views

CVE-2026-23103

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrs_lock be per port. Make the addrs_lock be per port, not per ipvlan dev. Initial code seems to be written in the assumption, that any address change must occur under RTNL. But it is not so for the case of IPv6. ...

CVSS 7.8, AI score 6, EPSS 0.00018
Exploits: 0, References: 25

EUVD
added 2026/02/04 4:8 p.m., 3 views

EUVD-2026-5439

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrs_lock be per port. Make the addrs_lock be per port, not per ipvlan dev. Initial code seems to be written in the assumption, that any address change must occur under RTNL. But it is not so for the case of IPv6. ...

AI score 5.3, EPSS 0.00018
Exploits: 0, References: 4

Cvelist
added 2026/02/04 4:8 p.m., 29 views

CVE-2026-23100 mm/hugetlb: fix hugetlb_pmd_shared()

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugetlb_pmd_shared(). Patch series "mm/hugetlb: fixes for PMD table sharing incl. using mmu_gather", v3. One functional fix, one performance regression fix, and two related comment fixes. I cleaned up my prototype I...

EPSS 0.00033
Exploits: 0, References: 7

NVD
added 2026/02/04 12:16 a.m., 5 views

CVE-2026-1633

The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device...

CVSS 10, EPSS 0.00098
Exploits: 0, References: 2

CNNVD
added 2026/02/04 12:0 a.m., 5 views

WordPress plugin WebPurify Profanity Filter Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.5, AI score 5.8, EPSS 0.00058
Exploits: 0, References: 3

CNNVD
added 2026/02/04 12:0 a.m., 3 views

WordPress plugin Magic Import Document Extractor Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.3, AI score 5.8, EPSS 0.00039
Exploits: 0, References: 3

Cvelist
added 2026/02/03 11:2 p.m., 29 views

CVE-2026-1633 Synectix LAN 232 TRIO Missing Authentication for Critical Function

The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device...

CVSS 10, EPSS 0.00098
Exploits: 0, References: 2

ATTACKERKB
added 2026/02/03 10:59 p.m., 1 views

CVE-2026-1632

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...

CVSS 9.3, AI score 5.4, EPSS 0.0008
Exploits: 0, References: 3

Vulnrichment
added 2026/02/03 10:59 p.m., 2 views

CVE-2026-1632 RISS SRL MOMA Seismic Station Missing Authentication for Critical Function

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...

CVSS 9.3, AI score 5.4, EPSS 0.0008
Exploits: 0, References: 2

CVE
added 2026/02/03 10:59 p.m., 12 views

CVE-2026-1632

The CVE affects MOMA Seismic Station, specifically versions v2.4.2520 and prior, where the web management interface is exposed without authentication. The root cause is missing access control on the web UI, enabling an unauthenticated attacker to modify configuration settings, exfiltrate device d...

CVSS 9.3, AI score 5.4, EPSS 0.0008
Exploits: 0, References: 2

Vulnrichment
added 2026/02/03 4:59 p.m., 5 views

CVE-2026-24667 Open eClass's Active Sessions Not Invalidated After Password Change Allow Persistent Account Access

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued access to user...

CVSS 5, AI score 5.2, EPSS 0.00069
Exploits: 0, References: 1

EUVD
added 2026/02/03 4:58 p.m., 3 views

EUVD-2026-5229

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery (CSRF) vulnerability in multiple teacher-restricted endpoints allows attackers to induce authenticated teachers to perform unintended actions, such as...

CVSS 6.5, AI score 5.3, EPSS 0.00076
Exploits: 1, References: 1

CVE
added 2026/02/03 4:58 p.m., 8 views

CVE-2026-24666

Open eClass (formerly GUnet eClass) is affected by a CSRF vulnerability in multiple teacher-restricted endpoints prior to version 4.2. The issue allows authenticated teachers to be induced into performing unintended actions (e.g., modifying assignment grades) via crafted requests. The vulnerabili...

CVSS 6.5, AI score 5.3, EPSS 0.00076
Exploits: 1, References: 1, Affected Software: 1