PT-2026-49229

Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49...

PT-2026-49438

Unauthenticated Sensitive Data Exposure in Simply Schedule Appointments 1.6.11.2 versions...

PT-2026-49503

Unauthenticated Sensitive Data Exposure in Conekta Payment Gateway = 6.0.0 versions...

PT-2026-49335

An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causi...

PT-2026-49428

Subscriber Sensitive Data Exposure in WP SMS = 7.2.1 versions...

CVE-2026-38812

CVE-2026-38812 affects RuoYi v4.8.2. The vulnerability is a SQL Injection in the code generation module triggered via the /tool/gen/createTable endpoint. It can be exploited by an authenticated attacker with administrative privileges to access sensitive database information. The recorded CVSS3.1 ...

PT-2026-49331

Name of the Vulnerable Software and Affected Versions grocy version 4.6.0 Description SQL injection occurs at the '/stockreports/spendings' endpoint through the product-group parameter. This allows attackers to access sensitive database information by using a crafted SQL statement. SQL injection ...

PT-2026-49470

Name of the Vulnerable Software and Affected Versions MultiJuicer versions 8.0.0 through 10.0.0 Description The team join endpoint 'POST /multi-juicer/api/teams/team/join' accepts requests with any Content-Type, including text/plain. Since this content type does not trigger a Cross-Origin Resourc...

PT-2026-49298

Name of the Vulnerable Software and Affected Versions RuoYi version 4.8.2 Description An issue in the code generation module allows an authenticated attacker with administrative privileges to access sensitive database information. This is possible through a SQL Injection in the...

PT-2026-49458

Unauthenticated Sensitive Data Exposure in Bookly = 27.4 versions...

ROS-20260615-73-0020

The vulnerability of the freerdpimagecopyfromicondata function libfreerdp/codec/color.c in the RDP client FreeRDP arises due to an operation being executed outside the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cause service failure...

ROS-20260615-73-0019

The vulnerability of the freerdpimagecopyfromicondata function libfreerdp/codec/color.c in the RDP client FreeRDP arises due to an operation being executed outside the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cause service failure...

ROS-20260615-73-0017

The vulnerability of the xfAppUpdateWindowFromSurface function in the RDP client FreeRDP relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

ROS-20260615-73-0028

The vulnerability of the xfclipboardformatequal function in the RDP client FreeRDP relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

ROS-20260615-73-0032

The vulnerability of the RDP client FreeRDP relates to reading beyond the memory boundaries. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by the system...

Linux Distros Unpatched Vulnerability : CVE-2026-52719

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the...

ROS-20260615-73-0011

The vulnerability of the planardecompressplanerle function in the FreeRDP RDP client is related to data writing beyond the specified buffer. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

ROS-20260615-73-0021

The vulnerability of the xfAppUpdateWindowFromSurface function in the RDP client FreeRDP relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

ROS-20260615-73-0022

The vulnerability of the xfAppUpdateWindowFromSurface function in the RDP client FreeRDP relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

RHEL 8 : webkit2gtk3 (RHSA-2026:25918)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25918 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...