47585 matches found

Source: OSV. Added 2026/04/11 3:32 p.m.

MINI-74V2-MQC3-8RFX

Bulletin has no description...

CVSS 6.4 | AI score 5.7 | EPSS 0.00292 | Exploits 0
Source: OSV. Added 2026/04/11 3:02 p.m.

MINI-Q889-Q9H6-RWJ5

Bulletin has no description...

CVSS 8.8 | AI score 5.7 | EPSS 0.00532 | Exploits 0
Source: OSV. Added 2026/04/11 3:02 p.m.

MINI-453M-W45Q-X66X

Bulletin has no description...

CVSS 7.5 | AI score 5.7 | EPSS 0.00349 | Exploits 0
Source: OSV. Added 2026/04/11 2:03 p.m.

OESA-2026-1845 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtio_snd_pcm_in_cb function did not check whether the iov could fit the data buffer,...

CVSS 7.4 | AI score 5.8 | EPSS 0.00112 | Exploits 0 | References 3
Source: Wolfi. Added 2026/04/11 2:51 a.m.

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: kyverno-policy-reporter-kyverno-plugin, kustomize, docker-credential-gcr, dbmate, yunikorn-k8shim, terraform, direnv, aws-signer-notation-plugin, falco-no-driver, external-secrets-operator, karpenter, openbao, helm-set-status, smokescreen, pgpool2exporter,...

CVSS 7.5 | AI score 7.1 | EPSS 0.00349 | Exploits 0
Source: RedhatCVE. Added 2026/04/11 1:21 a.m.

CVE-2026-34020

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses the HTTP GET method with the username and password passed as query parameters, so credentials land wherever URLs are recorded (server access logs, proxies, browser history, Referer headers). Please check references regarding possible impact. This issue affects Apache OpenMeetings: from 3.1.3...

CVSS 7.5 | AI score 5.8 | EPSS 0.00509 | Exploits 0 | References 1
Source: RedhatCVE. Added 2026/04/11 1:21 a.m.

CVE-2026-34723

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote attackers were able to access the getting started endpoint to get access to sensitive internal entity data, even after the system setup was completed. This vulnerability is fixed i...

CVSS 8.7 | AI score 5.8 | EPSS 0.00443 | Exploits 0 | References 1
Source: OSV. Added 2026/04/10 9:08 p.m.

GHSA-68QG-G8MG-6PR7 paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass

Summary An unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration. No user interaction, no credentials, just the target's address. The entire chain is six API calls. I verified every ste...

CVSS 10 | AI score 6.7 | EPSS 0.01972 | Exploits 4 | References 3
Source: OSV. Added 2026/04/10 9:08 p.m.

GHSA-93VF-569F-22CQ rhukster/dom-sanitizer: SVG <style> tag allows CSS injection via unfiltered url() and @import directives

Summary DOMSanitizer::sanitize allows `<style>` elements in SVG content but never inspects their text content. CSS url() references and @import rules pass through unfiltered, causing the browser to issue HTTP requests to attacker-controlled hosts when the sanitized SVG is rendered. Details In...

CVSS 4.7 | AI score 6 | EPSS 0.00271 | Exploits 0 | References 5
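The check the dom-sanitizer entry says is missing, as an added example (not code from rhukster/dom-sanitizer, whose sanitizer is PHP): walk the SVG tree, look inside every `<style>` element's text for `url(` and `@import`, and neutralise them before the document reaches a browser. The sample SVG is constructed for the example, and `attacker.example` is a placeholder host.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
ET.register_namespace("", SVG_NS)  # keep the default namespace on output

# External references inside a stylesheet: url(...) in any casing/spacing, and @import.
EXTERNAL_REF = re.compile(r"url\s*\(|@import\b", re.IGNORECASE)


def _is_style(el: ET.Element) -> bool:
    # Namespaced tags look like "{http://www.w3.org/2000/svg}style".
    return el.tag.rsplit("}", 1)[-1].lower() == "style"


def find_external_refs(svg: str) -> list:
    """Return every url(/ @import token found in <style> text, in document order."""
    root = ET.fromstring(svg)
    hits = []
    for el in root.iter():
        if _is_style(el) and el.text:
            hits.extend(m.group(0) for m in EXTERNAL_REF.finditer(el.text))
    return hits


def strip_style_refs(svg: str) -> str:
    """Drop the text of every <style> element that carries an external reference.

    Emptying the whole stylesheet is deliberate: partial regex-based removal is
    easy to bypass with CSS escapes such as u\\72l( , so the safe choice is to
    keep no stylesheet text at all once a reference is seen.
    """
    root = ET.fromstring(svg)
    for el in root.iter():
        if _is_style(el) and el.text and EXTERNAL_REF.search(el.text):
            el.text = ""
    return ET.tostring(root, encoding="unicode")


# Constructed sample: an SVG whose <style> fetches from an attacker host when rendered.
MALICIOUS_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg">'
    '<style>@import url("http://attacker.example/x.css");'
    ' .a{background:url(http://attacker.example/p.png)}</style>'
    '<rect class="a" width="10" height="10"/>'
    '</svg>'
)

BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><style>.a{fill:red}</style></svg>'

if __name__ == "__main__":
    print(find_external_refs(MALICIOUS_SVG))
    print(strip_style_refs(MALICIOUS_SVG))
```

The regex is a detection illustration only; a sanitizer that has to keep inline CSS should parse it with a real CSS parser rather than pattern-match, and should treat `style` attributes on elements the same way as `<style>` text.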
Source: Github Security Blog. Added 2026/04/10 9:00 p.m.

Juju: In-Memory Token Store for Discharge Tokens Lacks Concurrency Safety and Persistence

Summary The localLoginHandlers struct in the Juju API server maintains an in-memory map to store discharge tokens following successful local authentication. This map is accessed concurrently from multiple HTTP handler goroutines without any synchronization primitive protecting it. The absence of ...

CVSS 6.4 | AI score 5.8 | EPSS 0.00243 | Exploits 1 | References 5 | Affected software 1
Source: OSV. Added 2026/04/10 9:00 p.m.

GHSA-7M55-2HR4-PW78 Juju: In-Memory Token Store for Discharge Tokens Lacks Concurrency Safety and Persistence

Summary The localLoginHandlers struct in the Juju API server maintains an in-memory map to store discharge tokens following successful local authentication. This map is accessed concurrently from multiple HTTP handler goroutines without any synchronization primitive protecting it. The absence of ...

CVSS 6.4 | AI score 5.8 | EPSS 0.00243 | Exploits 1 | References 5
Source: EUVD. Added 2026/04/10 8:59 p.m.

EUVD-2026-21599

Arcane has Unauthenticated SSRF with Conditional Response Reflection in Template Fetch Endpoint...

CVSS 7.2 | AI score 5.8 | EPSS 0.00621 | Exploits 1 | References 2
Source: ATTACKERKB. Added 2026/04/10 7:39 p.m.

CVE-2026-40184

TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requiring authentication. This vulnerability is fixed in 2.7.2...

CVSS 3.7 | AI score 5.8 | EPSS 0.00235 | Exploits 0 | References 4 | Affected software 1
Source: CVE. Added 2026/04/10 7:39 p.m.

CVE-2026-40184

CVE-2026-40184 affects the TREK travel planner. Prior to version 2.7.2, TREK served uploaded photos without requiring authentication, exposing private assets. The issue is fixed in TREK 2.7.2. Connected sources consistently describe unauthenticated access to uploaded files as the root cause and c...

CVSS 5.3 | AI score 5.8 | EPSS 0.00235 | Exploits 0 | References 3 | Affected software 1
Source: EUVD. Added 2026/04/10 7:23 p.m.

EUVD-2026-21164

PraisonAIAgents: Arbitrary File Read via readskillfile Missing Workspace Boundary and Approval Gate...

CVSS 6.2 | AI score 5.8 | EPSS 0.00234 | Exploits 1 | References 2
Source: CVE. Added 2026/04/10 6:52 p.m.

CVE-2026-33707

Chamilo LMS (affected: prior to 1.11.38 and 2.0.0-RC.3) uses a weak password reset token by generating tokens as sha1(email) with no randomness, no expiration, and no rate limiting. An attacker who knows a user’s email can compute the reset token and change the password without authentication. Th...

CVSS 9.8 | AI score 5.8 | EPSS 0.00426 | Exploits 0 | References 3 | Affected software 1
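The Chamilo entry names three missing properties of a reset token: randomness, expiry and rate limiting. The following is an added example (not Chamilo code, which is PHP) that reproduces the weak scheme the advisory describes, `sha1(email)`, next to a hardened store that issues a CSPRNG token, keeps only its hash, expires it, makes it single-use and caps redemption attempts. Class, method and field names, the 15-minute lifetime and the attempt cap are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60   # assumed lifetime for the hardened token
MAX_ATTEMPTS = 5              # assumed per-email redemption cap


def weak_reset_token(email: str) -> str:
    """The advisory's scheme: token = sha1(email). No secret, no randomness."""
    return hashlib.sha1(email.encode()).hexdigest()


def attacker_forges_weak_token(email: str) -> str:
    """Anyone who knows the address can reproduce the token offline."""
    return hashlib.sha1(email.encode()).hexdigest()


class ResetTokenStore:
    """Hardened replacement: random, hashed at rest, expiring, single-use, attempt-limited."""

    def __init__(self, now=time.time):
        self._now = now
        # email -> (sha256(token) hex, expires_at, failed_attempts)
        self._pending = {}

    def issue(self, email: str) -> str:
        token = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[email] = (digest, self._now() + TOKEN_TTL_SECONDS, 0)
        return token                                # delivered out of band, never stored in clear

    def redeem(self, email: str, token: str) -> bool:
        entry = self._pending.get(email)
        if entry is None:
            return False
        digest, expires_at, attempts = entry
        if self._now() > expires_at:
            del self._pending[email]                # expired: forget it
            return False
        presented = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(presented, digest):   # constant-time compare
            attempts += 1
            if attempts >= MAX_ATTEMPTS:
                del self._pending[email]            # too many guesses: invalidate
            else:
                self._pending[email] = (digest, expires_at, attempts)
            return False
        del self._pending[email]                    # single use
        return True


if __name__ == "__main__":
    victim = "alice@example.org"                    # constructed sample address
    print("weak token forged offline:",
          weak_reset_token(victim) == attacker_forges_weak_token(victim))
    store = ResetTokenStore()
    t = store.issue(victim)
    print("forged token accepted by hardened store:",
          store.redeem(victim, attacker_forges_weak_token(victim)))
    print("real token accepted once:", store.redeem(victim, t), store.redeem(victim, t))
```

Storing only `sha256(token)` means a database read (the other Chamilo advisory on this page is exactly that kind of foothold) does not yield usable tokens; the constant-time compare and the attempt cap close the timing and brute-force angles the deterministic scheme never considered.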
Source: Github Security Blog. Added 2026/04/10 6:31 p.m.

Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration

The fix for CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName system property, but not when configured through the verifyHostName attribute of the `<SSL>` element. Although the verifyHostName configuration attribute was introduced in Log4...

CVSS 6.3 | AI score 6.6 | EPSS 0.00743 | Exploits 1 | References 7 | Affected software 1
Source: Github Security Blog. Added 2026/04/10 6:31 p.m.

Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters

Apache Log4j Core's XmlLayout, in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification, producing invalid XML output whenever a log message or MDC value contains such characters. The impact depends on the StAX implementation in use: JRE built-in...

CVSS 7.5 | AI score 5.7 | EPSS 0.0086 | Exploits 0 | References 8 | Affected software 1
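The XmlLayout entry turns on a small fact: XML 1.0 permits only #x9, #xA, #xD, #x20-#xD7FF, #xE000-#xFFFD and #x10000-#x10FFFF in character data, so a log message carrying any other code point yields output no conforming parser will accept, and whether that is a dropped event or a broken file depends on the consumer. The following added example (not Log4j code) implements that character class, shows a constructed log line with an embedded control byte defeating a strict parser, and shows the same line after sanitisation parsing cleanly. The `<Event>`/`<Message>` element names are an assumption for the example.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape


def is_xml10_char(cp: int) -> bool:
    """XML 1.0 'Char' production: the only code points allowed in character data."""
    return (
        cp in (0x9, 0xA, 0xD)
        or 0x20 <= cp <= 0xD7FF
        or 0xE000 <= cp <= 0xFFFD
        or 0x10000 <= cp <= 0x10FFFF
    )


def sanitize_xml10(text: str, replacement: str = "\ufffd") -> str:
    """Replace every code point XML 1.0 forbids (C0 controls other than tab/LF/CR,
    lone surrogates, U+FFFE/U+FFFF) with U+FFFD so the event survives serialisation."""
    return "".join(ch if is_xml10_char(ord(ch)) else replacement for ch in text)


def render_event(message: str, sanitize: bool) -> str:
    """Minimal stand-in for an XML layout: escape markup, optionally sanitise first.
    escape() handles <, > and & but knows nothing about forbidden characters."""
    body = sanitize_xml10(message) if sanitize else message
    return f'<Event level="INFO"><Message>{escape(body)}</Message></Event>'


def is_well_formed(doc: str) -> bool:
    """Strict consumer: a parser that rejects invalid tokens outright."""
    try:
        ET.fromstring(doc)
        return True
    except ET.ParseError:
        return False


# Constructed sample: an attacker-influenced field containing a raw 0x01 byte.
SAMPLE = "login failed for user=\x01admin <script>"

if __name__ == "__main__":
    print("unsanitised parses:", is_well_formed(render_event(SAMPLE, sanitize=False)))
    print("sanitised parses:  ", is_well_formed(render_event(SAMPLE, sanitize=True)))
    print(render_event(SAMPLE, sanitize=True))
```

Whether to substitute U+FFFD, drop the character or emit a visible escape such as `\u0001` is a policy choice; what matters for a detection pipeline is that the event is never silently lost, because an attacker who can put a control byte into a logged field would otherwise have a way to suppress the record of their own activity.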
Source: OSV. Added 2026/04/10 6:31 p.m.

GHSA-6HG6-V5C8-FPHQ Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration

The fix for CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName system property, but not when configured through the verifyHostName attribute of the `<SSL>` element. Although the verifyHostName configuration attribute was introduced in Log4...

CVSS 6.3 | AI score 5.8 | EPSS 0.00395 | Exploits 0 | References 7
Source: Vulnrichment. Added 2026/04/10 6:10 p.m.

CVE-2026-33618 Chamilo LMS Affected by Remote Code Execution via eval() in Platform Settings

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, the PlatformConfigurationController::decodeSettingArray method uses PHP's eval to parse platform settings from the database. An attacker with admin access obtainable via Advisory 1 can inject arbitrary PHP code into the settings,...

CVSS 8.8 | AI score 6 | EPSS 0.00319 | Exploits 0 | References 2