CVE-2026-20694

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

CVE-2026-20699

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

CVE-2026-20633

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data...

CVE-2026-20651

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data...

CVE-2026-28837

A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data...

CVE-2026-28831

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data...

CVE-2026-3024

Stored Cross-Site Scripting XSS vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could exploit this vulnerability simply by creating a malicious survey...

CVE-2026-1267

IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls...

CVE-2026-0231

An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration setting. The attacker must have network access to the Broke...

CVE-2017-20223

Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrie...

CVE-2026-32131

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token e.g., project.read, project.grant.read, or project.app.read to retrieve...

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities disclosed in IBM Semeru Runtime.

Summary IBM SPSS Modeler is affected by multiple vulnerabilities disclosed in IBM Semeru Runtime CVE-2026-21945, CVE-2026-21933, CVE-2026-21932, CVE-2026-21925, CVE-2026-1188. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is...

OpenEMR 安全漏洞

OpenEMR is an open-source medical management system developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained security...

etcd 安全漏洞

Etcd is an open-source system developed in Go language, used as a key-value storage system for distributed systems. There are security vulnerabilities in versions prior to 3.4.42, 3.5.28, and 3.6.9 of etcd. These vulnerabilities stem from nested transactions that can bypass key range authorizatio...

CVE-2026-34051 OpenEMR has Improper ACL On Import/Export Popup

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulati...

CVE-2026-34051 OpenEMR has Improper ACL On Import/Export Popup

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, allowing unauthorized users to perform import and export actions through direct request manipulati...

CVE-2026-25377

CVE-2026-25377 concerns the WordPress plugin Addon Jobsearch Chat (component: addon-jobsearch-chat) with versions n/a through 3.0. The vulnerability stems from improper neutralization of special elements in SQL commands, resulting in an SQL injection flaw. Impact details are limited in the provid...

CVE-2024-51346

An issue in Eufy Homebase 2 version 3.3.4.1h allows a local attacker to obtain sensitive information via the cryptographic scheme...

EUVD-2026-15145

This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data...

EUVD-2026-15137

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data...