[SECURITY] Fedora 43 Update: roundcubemail-1.6.14-1.fc43

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

[SECURITY] Fedora 44 Update: roundcubemail-1.7~rc5-1.fc44

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

vulnx 2.0.1

vulnx is a command-line interface CLI tool designed to provide a structured and easily navigable interface to various vulnerability databases...

CVE-2026-1497

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any...

An AI gateway designed to steal your data

A significant proportion of cyberincidents are linked to supply chain attacks, and this proportion is constantly growing. Over the past year, we have seen a wide variety of methods used in such attacks, ranging from creation of malicious but seemingly legitimate open-source libraries or delayed...

vulnx 2.0.0

vulnx is a command-line interface CLI tool designed to provide a structured and easily navigable interface to various vulnerability databases...

LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace

The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a resident of the city of Taganrog. The suspe...

MantisBT < 2.28.1 SOAP API Authentication Bypass (GHSA-phrq-pc6r-f6gh)

The version of MantisBT installed on the remote host is prior to 2.28.1. It is, therefore, affected by a vulnerability: - An authentication bypass vulnerability exists in the SOAP API due to improper type checking on the password parameter when running on MySQL family databases. Using a crafted...

CVE-2026-30849 MantisBT SOAP API has an authentication bypass vulnerability on MySQL

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password parameter. Other database backends are not...

EUVD-2025-208933

SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'search' parameter in the '/search.php' endpoint...

PT-2026-27113

SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'search' parameter in the '/search.php' endpoint...

CVE-2026-33226

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions from 3.30.6 and prior, the REST datasource query preview endpoint POST /api/queries/preview makes server-side HTTP requests to any URL supplied by the user in fields.path with no validation. An...

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware capable of stealing sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and...

CVE-2026-32628

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

EUVD-2025-208665

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, and 6.2.1.0 through 6.2.1.11 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or...

CVE-2026-32628 AnythingLLM has SQL Injection in Built-in SQL Agent Plugin via Unsanitized table_name Parameter

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

PT-2026-25382

Name of the Vulnerable Software and Affected Versions AnythingLLM versions 1.11.1 and earlier Description AnythingLLM is an application that turns content into context for use with Large Language Models LLMs. A SQL injection issue exists in the built-in SQL Agent plugin, allowing users who can...

EUVD-2026-11184

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any...

CVE-2026-1497

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any...

CVE-2026-1497 Incorrect privilege assignment in composite databases

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any...