CVE-2026-4916

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...

CVE-2026-46818

Vulnerability in the Oracle Payments product of Oracle E-Business Suite component: File Transmission. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Payments. Successful...

CVE-2026-9303 calcom cal.diy cross-site request forgery

A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...

PT-2026-38777

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Sound. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...

PT-2026-37803

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses tar-7.5.9.tgz which is vulnerable to CVE-2026-31802

Summary IBM Maximo Application Suite - Visual Inspection component uses tar-7.5.9.tgz which is vulnerable to CVE-2026-31802, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-31802 DESCRIPTION: node-tar is a full-featured Tar...

AWS SDK for Java 2.0: Improper Handling of Special Characters in CloudFront Signing Utilities

Summary This notification is related to the CloudFront signing utilities in the AWS SDK for Java v2, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes an...

AZL-70340 CVE-2025-47913 affecting package packer for versions less than 1.9.5-11

SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process...

EUVD-2014-6158

Malware in sbrugna...

EUVD-2020-22687

Malware in sbrugna...

EUVD-2020-28746

Malware in sbrugna...

EUVD-2020-22056

Malware in sbrugna...

EUVD-2017-1737

Malware in sbrugna...

EUVD-2025-11082

Malicious code in bioql PyPI...

EUVD-2023-29507

Malicious code in bioql PyPI...

EUVD-2022-26598

Malicious code in bioql PyPI...

EUVD-2024-3603

Malicious code in bioql PyPI...

EUVD-2023-32462

Malicious code in bioql PyPI...

CVE-2025-10389 CRMEB Administrator Password SystemAdminServices.php save improper authorization

A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be...

Linux Distros Unpatched Vulnerability : CVE-2020-2678

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.36, prior to...