
82159 matches found

CVE
added 2026/05/27 6:24 p.m. | 10 views

CVE-2026-45046

Gryph Agents vulnerability CVE-2026-45046 affects Gryph’s local logging layer prior to version 0.7.0. The project’s security notes and CVE records indicate that the default standard logging level could include sensitive file content (ContentPreview, OldString, NewString) in payloads stored to a l...

5.5 CVSS | 5.9 AI score | 0.00106 EPSS
Exploits 0 | References 1

Patchstack
added 2026/05/27 6:5 p.m. | 8 views

WordPress WP Contact Form 7 DB Handler plugin <= 3.0 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability

Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by ? in WordPress Plugin WP Contact Form 7 DB Handler versions <= 3.0...

8.1 CVSS | 5.8 AI score | 0.00248 EPSS
Exploits 0 | References 1 | Affected Software 1

RedhatCVE
added 2026/05/27 5:17 p.m. | 7 views

CVE-2026-46086

A flaw was found in the Linux kernel. Inconsistent handling of local Forwarding Database (FDB) entries in the bridge networking component's RCU (Read-Copy-Update) readers can lead to a null-pointer dereference. A local attacker could exploit this by triggering a concurrent update to an FDB entry,...

5.5 CVSS | 5.8 AI score | 0.00168 EPSS
Exploits 0 | References 4

ATTACKERKB
added 2026/05/27 5:16 p.m. | 9 views

CVE-2026-44521

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver (elFinderVolumeMySQL) allows any logged-in user, including users with read-only access to the affected volume, to...

8.8 CVSS | 5.9 AI score | 0.00243 EPSS
Exploits 0 | References 2 | Affected Software 1

EUVD
added 2026/05/27 5:16 p.m. | 11 views

EUVD-2026-32607

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver (elFinderVolumeMySQL) allows any logged-in user, including users with read-only access to the affected volume, to...

8.8 CVSS | 5.9 AI score | 0.00243 EPSS
Exploits 0 | References 1

Cvelist
added 2026/05/27 5:16 p.m. | 39 views

CVE-2026-44521 elFinder: SQL Injection MySQL Volume Driver (elFinderVolumeMySQL)

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver (elFinderVolumeMySQL) allows any logged-in user, including users with read-only access to the affected volume, to...

8.8 CVSS | 0.00243 EPSS
Exploits 0 | References 1

EUVD
added 2026/05/27 5:5 p.m. | 8 views

EUVD-2026-32597

Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user...

4.2 CVSS | 5.7 AI score | 0.00163 EPSS
Exploits 0 | References 2

OSV
added 2026/05/27 4:57 p.m. | 5 views

GHSA-36FC-7WJG-MFVJ Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction

GM-374 Summary Multiple locations in Pimcore v11 call PHP's unserialize() on data from database columns and filesystem files without the allowed_classes restriction, enabling object injection if an attacker can control the serialized data source. Affected Component - Package: pimcore/pimcore and...

8 CVSS | 6.3 AI score | 0.00202 EPSS
Exploits 0 | References 5

Github Security Blog
added 2026/05/27 4:57 p.m. | 19 views

Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction

GM-374 Summary Multiple locations in Pimcore v11 call PHP's unserialize() on data from database columns and filesystem files without the allowed_classes restriction, enabling object injection if an attacker can control the serialized data source. Affected Component - Package: pimcore/pimcore and...

6.3 AI score | 0.00202 EPSS
Exploits 0 | References 5 | Affected Software 1

Fedora
added 2026/05/27 4:29 p.m. | 26 views

[SECURITY] Fedora 42 Update: rrdtool-1.9.0-8.fc42

RRD is the Acronym for Round Robin Database. RRD is a system to store and display time-series data i.e. network bandwidth, machine-room temperature, server load average. It stores the data in a very compact way that will not expand over time, and it presents useful graphs by processing the data t...

5.8 AI score
Exploits 0

EUVD
added 2026/05/27 3:33 p.m. | 7 views

EUVD-2026-32280

IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced...

6.5 CVSS | 5.8 AI score | 0.00402 EPSS
Exploits 0 | References 2

NVD
added 2026/05/27 3:16 p.m. | 8 views

CVE-2026-1248

IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages...

4.3 CVSS | 0.00219 EPSS
Exploits 0 | References 1

CVE
added 2026/05/27 2:20 p.m. | 10 views

CVE-2026-1248

Technical details (affected components, root cause, remediation) are not publicly available in the provided documents; monitor for updates.

4.3 CVSS | 5.8 AI score | 0.00219 EPSS
Exploits 0 | References 1 | Affected Software 1

ATTACKERKB
added 2026/05/27 2:20 p.m. | 9 views

CVE-2026-1248

IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages...

5.8 AI score | 0.00219 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2026/05/27 2:20 p.m. | 39 views

CVE-2026-1248 IBM Business Automation Workflow information leak

IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages...

0.00219 EPSS
Exploits 0 | References 1

EUVD
added 2026/05/27 2:20 p.m. | 8 views

EUVD-2026-32521

IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages...

4.3 CVSS | 5.8 AI score | 0.00219 EPSS
Exploits 0 | References 1

Vulnrichment
added 2026/05/27 2:20 p.m. | 6 views

CVE-2026-1248 IBM Business Automation Workflow information leak

IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages...

5.8 AI score | 0.00219 EPSS
Exploits 0 | References 1

NVD
added 2026/05/27 2:17 p.m. | 12 views

CVE-2026-6052

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables...

7.5 CVSS | 0.00243 EPSS
Exploits 0 | References 1

OSV
added 2026/05/27 2:17 p.m. | 6 views

UBUNTU-CVE-2026-45913

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mcast: always update mdb_n_entries for vlan contexts syzbot triggered a warning[1] about the number of mdb entries in a context. It turned out that there are multiple ways to trigger that warning today some got added...

5.7 AI score | 0.002 EPSS
Exploits 0 | References 3

OSV
added 2026/05/27 2:17 p.m. | 3 views

UBUNTU-CVE-2026-46086

In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB dst snapshot in RCU readers Local FDB entries can be rewritten in place by fdb_delete_local(), which updates f->dst to another port or to NULL while keeping the entry alive. Several bridge RCU readers...

5.7 AI score | 0.00168 EPSS
Exploits 0 | References 3