CVE-2026-56014

Unauthenticated Cross Site Scripting XSS in Master Slider = 3.11.2 versions...

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS software allows an...

EUVD-2026-31913

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the isgreaterthan or islessthan operators, user-supplied values in the values...

Astra Linux - уязвимость в webkit2gtk

A logic issue has been addressed through improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4, and iPadOS 14.4. A remote attacker may be able to execute arbitrary code. Apple is aware of a report indicating...

Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare

Drupal has issued an alert stating that it intends to release a "core security release" for all supported branches on May 20, 2026, from 5-9 p.m. UTC. "The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days," the...

NPM: vm2 Has a Sandbox Breakout Using Async Generator

NPM: vm2 Has a Sandbox Breakout Using Async Generator vulnerability discovered by ? in WordPress Npm vm2 versions = 3.11.2...

CVE-2026-44009 vm2: Sandbox Breakout Through Null Proto Exception

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2...

vm2 安全漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.2 had a security vulnerability. This vulnerability stemmed from the neutralizeArraySpeciesBatch method...

Security Bulletin: Vulnerabilities exists in IBM Netezza Analytics for NPS

Summary Vulnerabilities exists in IBM Netezza Analytics for NPS addressed in 11.2.30. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, an...

PT-2026-34472

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 11.2 through 18.9.5 GitLab CE/EE versions 18.10 through 18.10.3 GitLab CE/EE versions 18.11 through 18.11.0 Description An improper authorization check allows an authenticated user with project owner permissions to bypass...

CVE-2026-39526

WpStream WordPress plugin < 4.11.2 contains an Insecure Direct Object References (IDOR) vulnerability leading to an Authorization Bypass via a user-controlled key. Root cause: misconfigured access control allowing unauthorized access to resources. Affected product/version: WPStream plugin for ...

CVE-2026-4248

The CVE-2026-4248 entry concerns the Ultimate Member WordPress plugin with a vulnerability in versions up to 2.11.2. The issue arises because the '{usermeta:password_reset_link}' template tag is processed inside post content via the [um_loggedin] shortcode, generating a valid password reset token...

PT-2026-28639

Name of the Vulnerable Software and Affected Versions Ultimate Member plugin for WordPress versions through 2.11.2 Description The Ultimate Member plugin for WordPress is susceptible to Sensitive Information Exposure. The issue stems from the 'usermeta:password reset link' template tag being...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. There is a security vulnerability in Mattermost, which stems from the lack of verification of the size of extracted files during decompression. This vulnerability could allow authenticated users to b...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.2.2 and earlier of the 11.2.x series, as well as versions 10.11.10 and earlier of the 10.11.x series, 11.4.0 and earlier of the 11.4.x series, and 11.3...

CVE-2026-26304

Mattermost vulnerability CVE-2026-26304 affects Mattermost server versions 11.3.x (up to 11.3.0) and 11.2.x (up to 11.2.2). The issue is a permission check bypass in the playbook run creation path: run_create permission for an empty playbookId is not verified, enabling team members to create unau...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.3.0 and earlier 11.3.x series, as well as 11.2.2 and earlier versions 11.2.x series, have security vulnerabilities. These vulnerabilities stem from the unauthorized...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.3.0 and earlier 11.3.x series, 11.2.2 and earlier 11.2.x series, as well as 10.11.10 and earlier 10.11.x series, have security vulnerabilities. These vulnerabilities...

Adobe Substance3D Painter 代码问题漏洞

Adobe Substance3D Painter is a 3D scene-building software developed by Adobe, a company based in America. Versions of Adobe Substance3D Painter 11.1.2 and earlier contained a code vulnerability caused by a null pointer dereferencing, which could lead to a denial-of-service attack...

Linux Distros Unpatched Vulnerability : CVE-2026-30851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forwardauth copyheaders does not strip...