CVE-2026-6745

A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may...

CVE-2026-6744

A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted...

CVE-2026-6745 Bagisto Custom Scripts cross site scripting

A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may...

CVE-2026-6744

Bagisto (up to 2.3.15) contains a vulnerability in the Copy function of the Downloadable Link Handler that enables server-side request forgery (SSRF). The issue is exploitable remotely and has publicly available exploits; vendor notes that issues are addressed via a security advisory and plans fi...

CVE-2026-6744 Bagisto Downloadable Link copy server-side request forgery

A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted...

CVE-2026-6744 Bagisto Downloadable Link copy server-side request forgery

A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted...

CVE-2026-40568

Summary (CVE-2026-40568) : FreeScout prior to version 1.8.213 contains a stored XSS in the mailbox signature due to incomplete HTML sanitization in Helper::stripDangerousTags(). The sanitizer blocks only four tags (script, form, iframe, object) and misses event-handler attributes, allowing HTML e...

Security Bulletin: There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application (CVE-2026-1002)

Summary There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application CVE-2026-1002 Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler...

PublicCMS 安全漏洞

PublicCMS is an open-source content management system CMS developed by PublicCMS Company in China using the Java language. Versions of PublicCMS 6.202506.d and earlier have security vulnerabilities. These vulnerabilities stem from incorrect handling of the parameter ‘errorPassword’ in the ‘Failed...

goshs 访问控制错误漏洞

Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs prior to 2.0.0-beta.6 contained an access control vulnerability. This vulnerability occurred when using the basic authentication syntax with an empty username recorded in the documentation, without...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013168)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013168 advisory. In the Linux kernel, the following vulnerability has been resolved: dccp: Fix out of bounds access in DCCP error handler There was a previous attempt to fix an...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-012996)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012996 advisory. In the Linux kernel, the following vulnerability has been resolved: dccp: Fix out of bounds access in DCCP error handler There was a previous attempt to fix an...

PT-2026-34181

A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext...

PT-2026-34047

Name of the Vulnerable Software and Affected Versions Bagisto versions prior to 2.3.16 Description An issue exists in the Custom Scripts Handler component that allows for cross site scripting. This flaw enables remote exploitation through the manipulation of an unknown functionality within the...

PT-2026-34046

Name of the Vulnerable Software and Affected Versions Bagisto versions prior to 2.3.16 Description An issue exists in the Downloadable Link Handler component within the copy function. Remote manipulation of this function can lead to server-side request forgery, a flaw where an attacker can induce...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010931)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010931 advisory. In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible refcount leak in afuioctl eventfdctxput need to be called to put the...

Bagisto 代码问题漏洞

Bagisto is an open-source e-commerce framework developed by Webkul Software in India. Versions of Bagisto 2.3.15 and earlier contained code vulnerabilities. These vulnerabilities stemmed from improper handling of the copy function in the Downloadable Link Handler component, which could lead to...

Bagisto 跨站脚本漏洞

Bagisto is an open-source e-commerce framework developed by Webkul Software in India. Versions of Bagisto 2.3.15 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from improper operation of the Custom Scripts Handler component, which could lead to cross-site scripti...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013086)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013086 advisory. In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Block calling interrupt handler without trigger The eventfdctx trigger pointer of th...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010730)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010730 advisory. A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver...