
15202 matches found

Cvelist
added 2026/02/25 3:7 a.m., 18 views

CVE-2026-27747 SPIP interface_traduction_objets < 2.2.2 Authenticated SQL Injection

The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated SQL injection vulnerability in interface_traduction_objets_pipelines.php. When handling translation requests, the plugin reads the id_parent parameter from user-supplied input and concatenates it directly into ...

CVSS 8.8, EPSS 0.00046
Exploits 0, References 5
ATTACKERKB
added 2026/02/25 3:7 a.m., 2 views

CVE-2026-27747

The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated SQL injection vulnerability in interface_traduction_objets_pipelines.php. When handling translation requests, the plugin reads the id_parent parameter from user-supplied input and concatenates it directly into ...

CVSS 8.8, AI score 5.7, EPSS 0.00046
Exploits 0, References 6
NVD
added 2026/02/25 2:16 a.m., 4 views

CVE-2026-25131

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in the OpenEMR order types management system, allowing low-privilege users such as Receptionist to add and modify procedure...

CVSS 8.8, EPSS 0.00051
Exploits 1, References 2
Positive Technologies
added 2026/02/25 12:0 a.m., 5 views

PT-2026-21860

Name of the Vulnerable Software and Affected Versions SPIP interface_traduction_objets plugin versions prior to 2.2.2 SPIP interface_traduction_objets plugin versions 2.2.2 through 4.3.3 Description The SPIP interface_traduction_objets plugin contains an authenticated remote code execution issue ...

CVSS 8.8, AI score 6.6, EPSS 0.00158
Exploits 0, References 11
Positive Technologies
added 2026/02/25 12:0 a.m., 5 views

PT-2026-22050

Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.224.4 Description The extension installer in Zed allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor uses async tar::Archive::unpack which creates symlinks from the archive without validation. The pat...

CVSS 8.8, AI score 6.1, EPSS 0.00106
Exploits 1, References 8
Positive Technologies
added 2026/02/25 12:0 a.m., 2 views

PT-2026-22049

Name of the Vulnerable Software and Affected Versions Zed versions prior to 0.225.9 Description A symlink escape issue exists in Zed, a code editor, within the Agent file tools read file, edit file. This allows reading and writing files outside the project directory when the project contains...

CVSS 7.1, AI score 6, EPSS 0.00009
Exploits 1, References 7
Positive Technologies
added 2026/02/25 12:0 a.m., 5 views

PT-2026-21862

The SPIP interface_traduction_objets plugin versions prior to 4.3.3 contain an authenticated SQL injection vulnerability in interface_traduction_objets_pipelines.php. When handling translation requests, the plugin reads the id_parent parameter from user-supplied input and concatenates it directly...

CVSS 8.7, AI score 5.8, EPSS 0.00046
Exploits 0, References 4
Drupal
added 2026/02/25 12:0 a.m., 7 views

Material Icons - Moderately critical - Access bypass - SA-CONTRIB-2026-011

This module enables you to add icons to CKEditor. The module doesn't sufficiently add custom permissions to the dialog and autocomplete routes, allowing full access to the routes in most scenarios...

CVSS 5.3, AI score 5.4, EPSS 0.00044
Exploits 0, References 1
RedhatCVE
added 2026/02/24 11:2 p.m., 9 views

CVE-2026-3027

A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting. The attack can be launched remotely. The explo...

CVSS 6.1, AI score 4, EPSS 0.00064
Exploits 1, References 1
Snyk
added 2026/02/24 7:56 p.m., 4 views

Cross-site Scripting (XSS)

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the runmethod function. An attacker can execute arbitrary JavaScript in the victim's browser by supplying crafted input as a method...

CVSS 6.1, AI score 5.9, EPSS 0.00047
Exploits 0, References 2
OSV
added 2026/02/24 6:0 p.m., 5 views

CLSA-2026-1771956020 gimp: Fix of CVE-2025-15059

CVE-2025-15059: fix PSP file loader to validate channel types for grayscale images, preventing invalid memory access from incorrect offset computation...

CVSS 7.8, AI score 7.1, EPSS 0.00032
Exploits 0, References 1
Redos
added 2026/02/24 12:0 a.m., 4 views

ROS-20260224-73-0004

Vulnerability in gimp related to buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 7.8, AI score 8.3, EPSS 0.001
Exploits 0
Tenable Nessus
added 2026/02/24 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-26047

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial-of-service vulnerability was identified in Moodle's TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits...

CVSS 6.5, AI score 6, EPSS 0.00094
Exploits 0, References 2
Redos
added 2026/02/24 12:0 a.m., 5 views

ROS-20260224-73-0006

Vulnerability in gimp related to memory usage after memory has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 7.8, AI score 7.9, EPSS 0.00072
Exploits 0
OSV
added 2026/02/23 9:19 p.m., 4 views

CVE-2026-3027

A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting. The attack can be launched remotely. The explo...

CVSS 6.1, AI score 4, EPSS 0.00064
Exploits 1, References 4
ATTACKERKB
added 2026/02/23 8:2 p.m., 3 views

CVE-2026-3026

A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated...

CVSS 7.5, AI score 5.2, EPSS 0.00074
Exploits 1, References 4, Affected Software 1
RedhatCVE
added 2026/02/23 1:30 p.m., 4 views

CVE-2026-27198

Formwork is a flat file-based Content Management System CMS. In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has...

CVSS 8.8, AI score 5.3, EPSS 0.00021
Exploits 0, References 1
RedhatCVE
added 2026/02/22 1:28 a.m., 4 views

CVE-2026-2040

PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. An attacker must first obtain the ability to execute low-privileged code on...

CVSS 7.3, AI score 6, EPSS 0.00011
Exploits 0, References 1
RedhatCVE
added 2026/02/21 7:30 p.m., 2 views

CVE-2025-69381

Missing Authorization vulnerability in vanquish WooCommerce Bulk Product Editor woocommerce-quick-product-editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Bulk Product Editor: from n/a through <= 3.0...

CVSS 7.1, AI score 5.5, EPSS 0.00055
Exploits 0, References 1
Github Security Blog
added 2026/02/21 6:30 a.m., 5 views

Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits

A Denial of Service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade...

CVSS 6.5, AI score 5.7, EPSS 0.00094
Exploits 0, References 6, Affected Software 1