Lucene search
4 matches found

NVD
added last week, 10 views

CVE-2026-12515

A flaw was found in the content upload functionality of Katello in Red Hat Satellite, where insufficient authorization checks in the ContentUploadsController allowed users with the editproducts permission to query content information for repositories outside the products they were authorized to...

CVSS: 4.3, EPSS: 0.00197
Exploits: 0, References: 3

Positive Technologies
added 2026/06/17 12:0 a.m., 13 views

PT-2026-50457

Name of the Vulnerable Software and Affected Versions: Katello of Red Hat Satellite (affected versions not specified). Description: Insufficient authorization checks in the ContentUploadsController within the content upload functionality allow authenticated users with the edit products permission to...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00197
Exploits: 0, References: 10

Cvelist
added 2026/01/19 7:46 p.m., 17 views

CVE-2026-23847 SiYuan Vulnerable to Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 are vulnerable to reflected cross-site scripting in /api/icon/getDynamicIcon due to unsanitized SVG input. The endpoint generates SVG images for text icons (type=8). The content query parameter is inserted directly into the S...

CVSS: 5.3, EPSS: 0.00263
Exploits: 1, References: 3

Hacker One
added 2019/04/10 3:16 p.m., 24 views

Nextcloud: Combination of content provider allows private data disclosure

Good afternoon. Sorry, it's me again .. I use NC on a daily basis so I often make some checks .. As per 489105, document thumbnail shall not be disclosed. The exposure on thumbnailCache/ is an already known issue. However, malicious apps are still able to extract at least pictures and text files b...

CVSS: 2.1, AI score: 0.4, EPSS: 0.00434
Exploits: 1