CVE-2026-48190 Incorrect handling of permissions in External Interface Config Item List module

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...

PT-2026-45262

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...

CVE-2026-7459 Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

CVE-2026-44421

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdiCacheToSurface: it validates a destination rectangle that is clamped to UINT16MA...

CVE-2026-46527

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...

CVE-2026-45668 Trilium Notes : Note Import to RCE via #docName Path Traversal (Safe Import Enabled)

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled achieves RCE via docName path traversal and XSS by combining a payload note type: code, mime:...

CVE-2025-41280

CVE-2025-41280 affects Waterfall WF-500 RX Host (version 7.9.1.0 R2502171040). The vulnerability is a CWE-23 Relative Path Traversal (Zip Slip) in the MySQL connector scenario when file compression is enabled, allowing a user with access to the TX Host to execute code on the RX Host. Documented i...

CVE-2025-41280

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal Zip Slip in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is configured and file compression is enabled...

CVE-2026-46154

In the Linux kernel, the following vulnerability has been resolved: schedext: Read scxroot under scxcgroupopsrwsem in cgroup setters scxgroupsetweight,idle,bandwidth cache scxroot before acquiring scxcgroupopsrwsem, so the pointer can be stale by the time the op runs. If the loaded scheduler is...

SUSE CVE-2026-46066

In the Linux kernel, the following vulnerability has been resolved: ceph: fix numops off-by-one when crypto allocation fails movedirtyfolioinpagearray may fail if the file is encrypted, the dirty folio is not the first in the batch, and it fails to allocate a bounce buffer to hold the ciphertext...

kernel: mm: thp: deny THP for files on anonymous inodes

A flaw was found in the Linux kernel's Transparent Huge Pages THP mechanism. This vulnerability occurs because the filethpenabled function incorrectly allows THP for files on anonymous inodes, which are not designed for this feature. An attacker could potentially exploit this by manipulating...

GHSA-Q3W6-Q3HC-C5X6 FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and Device Configurations

Summary The GET /api/project endpoint exposes sensitive project configuration data to guest-context requests even when secureEnabled is enabled. Details File: server/api/projects/index.js javascript prjApp.get"/api/project", secureFnc, functionreq, res const permission = checkGroupsFncreq;...

CVE-2026-46014

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Add missing save/restore handling of LBR MSRs MSRIA32DEBUGCTLMSR and LBR MSRs are currently not enumerated by KVMGETMSRINDEXLIST, and LBR MSRs cannot be set with KVMSETMSRS. So save/restore is completely broken. Fix it ...

EUVD-2026-32395

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Add missing save/restore handling of LBR MSRs MSRIA32DEBUGCTLMSR and LBR MSRs are currently not enumerated by KVMGETMSRINDEXLIST, and LBR MSRs cannot be set with KVMSETMSRS. So save/restore is completely broken. Fix it ...

PT-2026-44163

Name of the Vulnerable Software and Affected Versions FUXA version 1.3.0 Description The '/api/project' endpoint exposes sensitive SCADA/HMI project configuration data to unauthenticated requests. This occurs because the secureFnc middleware utilizes a function that automatically generates a vali...

CVE-2026-48126

Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain or --letsencrypt, which silently turns on --domain at engine/flags.go:372, the request handler resolves the served directory by joining the configured --dir with the value of the...

CVE-2026-7251 Eppendorf BioFlo 320 Use of hard-coded password

Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have ful...

CVE-2026-45728

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or template error respon...

CVE-2026-48136 Authenticated Administrator Role-Based Access Control Bypass in Compliance

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...

EUVD-2026-31823

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...