EUVD-2026-38247

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSocket connection to remain authenticated and continu...

EUVD-2026-36145

A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. Panorama,...

CVE-2026-4916

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...

CVE-2025-43457 vulnerabilities

Vulnerabilities for packages: openjdk-25-openj9, openjdk-26-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-11-openj9, openjdk-17-openj9...

@agent-native/core (>=0.26.5 <=0.28.5), @intlayer/backend (=8.7.0-canary.0) +6 more potentially affected by CVE-2026-45337 via better-auth (>=1.6.0 <=1.6.10)

better-auth NPM version =1.6.0, =0.26.5, =0.0.33, =0.2.0, =1.6.0, =0.1.2, =0.2.0 Source cves: CVE-2026-45337 Source advisory: SNYK:JS-BETTERAUTH-17173857...

0xpay-cc-sdk (>=0.0.8 <=0.1.0), 0xtrails (>=0.0.0-20251106131028 <=0.16.0) +7399 more potentially affected by CVE-2026-44487 via axios (>=1.0.0 <=1.15.2)

axios NPM version =1.0.0, =0.0.8, =0.0.0-20251106131028, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.0-canary-847463221a9a1bee28641d8c0ecfaca98ee142f6, =0.0.1-alpha.3, =0.1.6-alpha.11, =0.1.6-alpha.12 and more Source cves: CVE-2026-44487 Source advisory:...

CVE-2026-BetterSQLCipher-RCE

CVE-2026-XXXXX: better-sqlcipher loadExtension Remote Code E...

gov.nasa.pds:registry-mgr-legacy (>=2.3.9 <=2.4.0), io.github.pl-buiquang:spark-solr (=4.1.0) +24 more potentially affected by CVE-2026-44825 via org.apache.solr:solr-core (>=9.4.0 <=9.9.0)

org.apache.solr:solr-core MAVEN version =9.4.0, =2.3.9, =3.0.0, =2.0.0-M1, =2.0.0-M1, =9.4.0, =9.4.0, =9.4.0, =9.8.0, =9.8.0, =9.4.0, =9.4.0, =9.4.0, =9.4.0, =9.4.0, =9.9.0 and more Source cves: CVE-2026-44825 Source advisory: SNYK:JAVA-ORGAPACHESOLR-17139337...

acryl-datahub-airflow-plugin (>=0.8.35.6 <=1.6.0rc1), acryl-datahub-airflow-plugin-hcc-patched (>=1.4.0.3.post1 <=1.4.0.3.post2) +446 more potentially affected by CVE-2026-45192 via apache-airflow-core (>=3.0.0 <=3.2.2)

apache-airflow-core PYPI version =3.0.0, =0.8.35.6, =1.4.0.3.post1, =1.0.0, =0.0.9.2, =0.1.0rc0, =0.1.0, =0.1.2, =1.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-45192 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17132595...

@redhat-cloud-services/access-requests-frontend (>=1.2.0 <=1.2.11), @redhat-cloud-services/frontend-components (>=0.0.1 <=7.7.1) +19 more potentially affected by unknown CVE via @redhat-cloud-services/frontend-components-utilities (=7.4.0)

@redhat-cloud-services/frontend-components-utilities NPM version =7.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on @redhat-cloud-services/frontend-components-utilities and may be impacted: - @redhat-cloud-services/access-requests-frontend =1.2.0,...

0xpay-cc-sdk (>=0.0.8 <=0.1.0), 0xtrails (>=0.0.0-20251106131028 <=0.16.0) +7208 more potentially affected by CVE-2026-44495 via axios (>=1.0.0 <=1.15.1)

axios NPM version =1.0.0, =0.0.8, =0.0.0-20251106131028, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.0-canary-847463221a9a1bee28641d8c0ecfaca98ee142f6, =0.0.1-alpha.3, =0.1.6-alpha.11, =0.1.6-alpha.12 and more Source cves: CVE-2026-44495 Source advisory:...

VulnCheck KEV: CVE-2026-0257

Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues...

CVE-2026-46818

Vulnerability in the Oracle Payments product of Oracle E-Business Suite component: File Transmission. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Payments. Successful...

org.yamcs:distribution (>=4.7.1 <=5.12.6), org.yamcs:packet-viewer (>=4.10.3 <=5.12.6) +14 more potentially affected by CVE-2026-42568 via org.yamcs:yamcs-core (>=0.29.3 <=5.12.6)

org.yamcs:yamcs-core MAVEN version =0.29.3, =4.7.1, =4.10.3, =4.10.3, =5.10.0, =5.10.0, =3.4.0, =4.5.0, =0.1.0, =0.1, =4.5.0, =0.29.3, =1.0.0, =4.7, =4.10.3, =5.12.6 and more Source cves: CVE-2026-42568 Source advisory: OSV:GHSA-CQH3-JG8P-336J...

CVE-2026-9303 calcom cal.diy cross-site request forgery

A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...

org.apache.cxf.systests:cxf-systests-jaxrs (>=4.0.0 <=4.1.5), org.apache.cxf.systests:cxf-systests-transport-jms (>=4.0.0 <=4.1.5) +18 more potentially affected by CVE-2025-48913 +1 more via org.apache.cxf:cxf-rt-transports-jms (>=4.0.0 <=4.1.5)

org.apache.cxf:cxf-rt-transports-jms MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =6.2.0.Final, =7.3.7.Final, =7.0.0.Final, =7.0.0.Final, =6.2.0.Final, =6.2.0.Final, =7.0.0.Final, =7.0.0.Final, =6.2.0.Final, =7.4.0.Beta3 and more Source cves: CVE-2025-48913, CVE-2026-4441...

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +28795 more potentially affected by CVE-2026-9277 via shell-quote (>=1.3.3 <=1.8.3)

shell-quote NPM version =1.3.3, =1.0.1, =1.1.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xcorde-pac =1.0.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 -...

@0xsequence/checkout (>=0.0.0-20250314205219 <=5.2.4), @0xsequence/kit-checkout (>=0.0.0-20250305153405 <=4.6.6-beta.0) +212 more potentially affected by unknown CVE via timeago-react (>=3.0.2 <=3.0.7)

timeago-react NPM version =3.0.2, =0.0.0-20250314205219, =0.0.0-20250305153405, =1.0.0, =1.0.0, =0.5.4, =1.0.1, =2.0.10, =0.25.0, =0.23.0, =0.0.1, =1.0.7, =1.1.6 and more Source cves: unknown CVE Source advisory: SNYK:JS-TIMEAGOREACT-16755037...

@antv/xflow (>=2.0.1 <=2.2.4), @antv/xflow-diff (=1.0.0) +64 more potentially affected by unknown CVE via @antv/x6-plugin-transform (>=2.1.7 <=2.1.8)

@antv/x6-plugin-transform NPM version =2.1.7, =2.0.1, =0.0.1, =0.0.2, =0.0.4, =0.0.3, =2.0.4, =0.0.27, =0.0.3, =0.0.2, =0.0.64 - @rxdrag/uml-editor =0.6.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVX6PLUGINTRANSFORM-16754401...

@baloise/design-system-components (>=0.0.0 <=15.2.4), @baloise/design-system-components-angular (>=0.0.0 <=15.2.4) +33 more potentially affected by unknown CVE via filesize.js (=2.0.0)

filesize.js NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on filesize.js and may be impacted: - @baloise/design-system-components =0.0.0, =0.0.0, =0.0.0, =0.0.0-nightly-20230817143308, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.0.0,...