CVE-2026-45267 Nextcloud: Missing permission check for form submissions
Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been patched in version 5.2.6...
PT-2026-45477
Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been patched in version 5.2.6...
CVE-2026-41401
CVE-2026-41401 affects libyang prior to 5.2.6, where a heap-use-after-free occurs in lyd_parser_set_data_flags due to incorrect updates to metadata list pointers when freeing non-head default metadata entries. This can be triggered by submitting crafted YANG XML documents with specific metadata a...
CVE-2026-41401 libyang - Heap Use-After-Free Write in XML Metadata Parsing
libyang before 5.2.6 contains a heap use-after-free write vulnerability in lyd_parser_set_data_flags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. Attackers can trigger this vulnerability by submitting crafted YANG XML documents with specific metadata...
WordPress Ninja Tables – Easy Data Table Builder plugin <= 5.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Table Creation vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary Table Creation vulnerability discovered by nquangit - Techlab Corporation in WordPress Plugin Ninja Tables versions <= 5.2.6...
CVE-2026-1537
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...
CVE-2026-1537 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.6 - Missing Authorization to Booking Details Exposure
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the loadstep function in all versions up to, and including, 5.2.6. This makes it possible for unauthenticated attackers to vie...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004061)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004061 advisory. An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats because NUMA fault statisti...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004088)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004088 advisory. An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver...
CVE-2025-52635
creationtimestamp | type | source
---|---|---
2025-10-10 11:11:48+00:00 | seen | Telegram/U6-OpfEB8PA8JmfNuGIjjqscc7fjmIVPnKg9RJrQefpg5Q...
CVE-2025-47213
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...
EUVD-2025-32331
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...
EUVD-2025-32370
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the...
PT-2025-40568
Name of the Vulnerable Software and Affected Versions: QNAP versions prior to 5.2.6.3195 build 20250715 Description: A flaw exists where a remote attacker with administrator privileges can trigger a denial-of-service (DoS) condition due to a NULL pointer dereference. Recommendations: Update to QTS...
Open Redirect
Overview: Affected versions of this package are vulnerable to Open Redirect through the returnUrl parameter. An attacker can redirect users to malicious websites by crafting a URL that, when clicked, leads to an arbitrary external site. Remediation: Upgrade mautic/core-lib to version 5.2.6, 6.0.2 o...
GHSA-MVWQ-HCRJ-F5X9 Apereo CAS has inefficient regular expression complexity
A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The...
Apereo CAS injection vulnerability
Apereo CAS is a web-based enterprise multilingual single sign-on solution from Apereo open source. An injection vulnerability exists in Apereo CAS version 5.2.6, which originates from the file cas-5.2.6webapp-mgmtcas-management-webapp-...
PT-2024-17672 · WordPress · Calculated Fields Form
Name of the Vulnerable Software and Affected Versions: Calculated Fields Form plugin for WordPress versions up to, and including, 5.2.63 Description: The issue is related to unlimited height and width parameters for CAPTCHA images, allowing unauthenticated attackers to send multiple requests with...
PT-2024-16428 · Fluent Forms · Contact Form Plugin By Fluent Forms
Name of the Vulnerable Software and Affected Versions: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder versions prior to 5.2.6 Description: The issue is related to Stored Cross-Site Scripting via the form's subject parameter due to insufficient input...
PYSEC-2024-86
Wagtail is an open source content management system built on Django. A bug in Wagtail's parse_query_string would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, parse_query_string would take an unexpectedl...