PT-2026-20788

Name of the Vulnerable Software and Affected Versions LibreNMS versions 26.1.1 and below Description LibreNMS, an auto-discovering PHP/MySQL/SNMP based network monitoring tool, contains a Stored Cross-Site Scripting XSS issue. The device group name is not sanitized, allowing attackers with admin...

PT-2026-23521

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description The Slack slash-command handler incorrectly authorizes any direct message sender when the dmPolicy is set to open. This allows attackers to execute privileged slash commands via direct message,...

📄 FortiGate Advanced Symlink Bypass Exploit

This Python script is an advanced exploitation tool targeting vulnerable FortiGate devices manufactured by Fortinet. It attempts to exploit a symlink/path bypass vulnerability via the /lang//custom/ endpoint in order to access sensitive internal files that should not be publicly accessible...

CVE-2026-1080

GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API...

GitLab 16.7 < 18.6.6 / 18.7 < 18.7.4 / 18.8 < 18.8.4 (CVE-2026-1080)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticate...

Linux Distros Unpatched Vulnerability : CVE-2026-1080

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain...

CVE-2026-1080

GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API...

UBUNTU-CVE-2026-1080

GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API...

CVE-2026-1080 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API...

CVE-2026-1080

GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API...

CVE-2026-1080 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API...

CVE-2026-1080 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API...

CVE-2026-1080

GitLab EE multiple versions affected (16.7 before 18.6.6, 18.7 before 18.7.4, 18.8 before 18.8.4). Under certain conditions, an authenticated user could access iteration data for private descendant groups by querying the iterations API endpoint. The issue has been remediated in a patch release: 1...

CVE-2026-1080

Removed by vendor...

CVE-2026-1080

GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API...

PT-2026-7526

Name of the Vulnerable Software and Affected Versions GitLab EE versions 16.7 through 18.6.5 GitLab EE versions 18.7 through 18.7.3 GitLab EE versions 18.8 through 18.8.3 Description An authenticated user could potentially access iteration data from private descendant groups. This access was...

CVE-2026-25885 PolarLearn allows Unauthenticated WebSocket access allows subscribing to and posting in arbitrary group chats

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any...

PolarLearn 访问控制错误漏洞

PolarLearn is an online learning platform developed by PolarNL. Versions of PolarLearn prior to 0-PRERELEASE-16 contain access control vulnerability issues. This vulnerability stems from the use of WebSocket in group chats without the need for login, which may allow unverified clients to subscrib...

Fedora 42 : xorgxrdp / xrdp (2026-b409dad73e)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-b409dad73e advisory. Release notes for xrdp v0.10.5 2026/01/27 Security fixes - CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based...

CVE-2025-13416

The CVE-2025-13416 relates to the ProfileGrid – User Profiles, Groups and Communities WordPress plugin. Affected versions are all up to and including 5.9.7.2. Root cause: missing capability check in the pm_deactivate_user_from_group() function, enabling authenticated users with Subscriber-level a...