EUVD-2026-8744

A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might...

CVE-2026-3200

CVE-2026-3200 affects the z-9527 admin 1.0/2.0 product. The vulnerability is in the server-side code, specifically the functions checkName, register, login, getUser, and getUsers in /server/controller/user.js, where improper handling leads to SQL injection. The issue can be triggered remotely and...

EUVD-2026-8716

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the document controller’s patientpicture context serves the patient’s photo by document ID or patient ID without verifying that the current user is authorized to access...

CVE-2026-25929 OpenEMR Patient Picture Context Allows Arbitrary Patient Photo Retrieval

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the document controller’s patientpicture context serves the patient’s photo by document ID or patient ID without verifying that the current user is authorized to access...

EUVD-2026-8675

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected syste...

EUVD-2026-8672

A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. To exploit this vulnerability, the attacker...

CVE-2026-20127

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected syste...

CVE-2026-20127

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected syste...

CVE-2026-27736

BigBlueButton Open Redirect CVE-2026-27736 affects the 3.x branch before version 3.0.20. The vulnerability arises because the errorRedirectUrl string is not validated and is used directly in respondWithRedirect, enabling an open redirect. The issue is fixed in BigBlueButton 3.0.20. No exploitatio...

CVE-2026-27736 BigBlueButton has Open Redirect vulnerability in ApiController

BigBlueButton is an open-source virtual classroom. In versions on the 3.x branch prior to 3.0.20, the string received with errorRedirectUrl lacks validation, using it directly in the respondWithRedirect function leads to an Open Redirect vulnerability. BigBlueButton 3.0.20 patches the issue. No...

CVE-2026-20107

The CVE concerns Cisco Application Policy Infrastructure Controller (APIC) in the Object Model CLI. A vulnerability in the CLI input validation could allow an authenticated, local attacker with any role granting CLI access to issue crafted commands and trigger a device reload, causing a DoS. Affe...

CVE-2026-20107 Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability

A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. To exploit this vulnerability, the attacker...

CVE-2026-20127 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected syste...

CVE-2026-20127

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected syste...

CVE-2026-20127 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected syste...

Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability

A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. To exploit this vulnerability, the attacker...

kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF

A flaw was found in the Linux kernel's xHCI eXtensible Host Controller Interface driver. This vulnerability allows data loss or buffer Use-After-Free UAF due to a race condition during isochronous Ring Underrun/Overrun event handling...

Moderate: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVE-2025-67860

A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...

CVE-2025-67860

A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...