CVE-2026-32229

CVE-2026-32229 affects JetBrains Hub prior to version 2026.1, describing a sign-in variant where account mismatch can occur when non-SSO authentication is used and 2FA is disabled. The CVSS 3.1 metrics indicate NETWORK attack vector, HIGH confidentiality and integrity impact, HIGH attack complexi...

CraftCMS has an RCE vulnerability via relational conditionals in the control panel

A Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds method passes user-controlled string input through renderObjectTemplate -- an unsandboxed Twig rendering function with escaping disabled. Any authenticated Control...

CVE-2026-3496 JetBooking <= 4.0.3 - Unauthenticated SQL Injection via 'check_in_date' Parameter

The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'checkindate' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVE-2026-3496

CVE-2026-3496 – JetBooking for WordPress is an unauthenticated SQL Injection in the check_in_date parameter affecting all versions up to 4.0.3. The root cause is insufficient escaping of user input and lack of proper SQL query preparation, enabling attackers to append additional SQL to queries an...

CVE-2024-14026

A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in th...

CVE-2024-14026

A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in th...

CVE-2026-28433

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...

CVE-2026-30885

WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playli...

CVE-2026-30913

Flarum is open-source forum software. When the flarum/nicknames extension is enabled, a registered user can set their nickname to a string that email clients interpret as a hyperlink. The nickname is inserted verbatim into plain-text notification emails, and recipients may be misled into visiting...

CVE-2026-24313

SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability...

CVE-2026-30887

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By...

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution

A flaw was found in the Linux kernel. This vulnerability, known as a use-after-free UAF, occurs in the pagepoolrecycleinring function. A local attacker could exploit this by manipulating the system's memory management, causing a freed memory region to be improperly accessed. This can lead to syst...

kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution

A flaw was found in the Linux kernel. This vulnerability, known as a use-after-free UAF, occurs in the pagepoolrecycleinring function. A local attacker could exploit this by manipulating the system's memory management, causing a freed memory region to be improperly accessed. This can lead to syst...

GHSA-MHG6-2Q2V-9H2C sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

Summary Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation subject. As a result, verification of DSSE bundles containing in-toto statements returns VerificationSuccess regardles...

Unchecked Return Value

Overview Affected versions of this package are vulnerable to Unchecked Return Value due to improper handling of the return value from the verifyintoto function. An attacker can cause the verification process to incorrectly indicate success for DSSE bundles with mismatched in-toto subject digests ...

EUVD-2026-10932

sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest...

sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

Summary Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation subject. As a result, verification of DSSE bundles containing in-toto statements returns VerificationSuccess regardles...

EUVD-2026-10933

sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest...

SUSE CVE-2026-28687

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decoder allows an attacker to trigger access to freed memory by crafting an MSL file. This vulnerabilit...