
ATTACKERKB · added 2026/03/09 3:38 a.m. · 4 views

CVE-2026-3822

Taipower APP for Android, developed by Taipower, has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-side TLS/SSL certificate. This flaw allows unauthenticated remote attackers to exploit the...

CVSS 8.3 · AI score 5.9 · EPSS 0.00152
Exploits: 0 · References: 3
Positive Technologies · added 2026/03/09 12:00 a.m. · 6 views

PT-2026-24120

Name of the Vulnerable Software and Affected Versions: Misskey versions 8.45.0 through 2026.3.0. Description: Misskey, an open source, federated social media platform, has an issue where insufficient permission checks and input validation can allow unauthorized access to data. This can occur...

CVSS 9.2 · AI score 5.8 · EPSS 0.00249
Exploits: 0 · References: 9
Positive Technologies · added 2026/03/09 12:00 a.m. · 3 views

PT-2026-24121

Name of the Vulnerable Software and Affected Versions: Misskey versions prior to 2026.3.1. Description: Misskey is a federated social media platform. All servers prior to version 2026.3.1 are susceptible to an issue that allows bypassing HTTP signature verification. This affects all servers, even...

CVSS 7.5 · AI score 5.8 · EPSS 0.00148
Exploits: 0 · References: 8
Positive Technologies · added 2026/03/09 12:00 a.m. · 6 views

PT-2026-24011

Name of the Vulnerable Software and Affected Versions: Taipower APP, affected versions not specified. Description: The Taipower APP developed by Taipower exhibits an Improper Certificate Validation issue. The application does not properly validate server-side TLS/SSL certificates when establishing an...

CVSS 8.3 · AI score 5.8 · EPSS 0.00152
Exploits: 0 · References: 8
Positive Technologies · added 2026/03/09 12:00 a.m. · 5 views

PT-2026-24146

Name of the Vulnerable Software and Affected Versions: Flarum, affected versions not specified. Description: The Flarum forum software, when used with the flarum/nicknames extension, allows a registered user to set a nickname that email clients may interpret as a hyperlink. This nickname is directly...

CVSS 4.6 · AI score 5.8 · EPSS 0.00165
Exploits: 0 · References: 7
Positive Technologies · added 2026/03/09 12:00 a.m. · 4 views

PT-2026-24465

Name of the Vulnerable Software and Affected Versions: Quinn versions prior to 0.11.14. Description: A remote, unauthenticated attacker can cause a denial of service in applications using vulnerable Quinn versions by sending a specially crafted QUIC Initial packet containing malformed QUIC transport...

CVSS 8.7 · AI score 5.8 · EPSS 0.0047
Exploits: 0 · References: 41
Packet Storm News · added 2026/03/09 12:00 a.m. · 3 views

SmartGraphical: A Human-In-The-Loop Framework for Detecting Smart Contract Logical Vulnerabilities Via Pattern-Driven Static Analysis and Visual Abstraction

Smart contracts are fundamental components of blockchain ecosystems; however, their security remains a critical concern due to inherent vulnerabilities. While existing detection methodologies are predominantly syntax-oriented, targeting reentrancy and arithmetic errors, they often overlook logica...

AI score 5.8
Exploits: 0
Packet Storm News · added 2026/03/09 12:00 a.m. · 5 views

Lockbox -- a Zero Trust Architecture for Secure Processing of Sensitive Cloud Workloads

Enterprises increasingly rely on cloud-based applications to process highly sensitive data artifacts. Although cloud adoption improves agility and scalability, it also introduces new security challenges such as expanded attack surfaces, a wider radius of attack from credential compromise, and...

AI score 6
Exploits: 0
Patchstack · added 2026/03/08 8:21 p.m. · 5 views

WordPress Podlove Podcast Publisher plugin <= 4.3.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by zaim in WordPress plugin Podlove Podcast Publisher versions <= 4.3.3...

CVSS 6.5 · AI score 5.8 · EPSS 0.00133
Exploits: 0 · Affected Software: 1
Vulnrichment · added 2026/03/07 4:20 p.m. · 3 views

CVE-2026-30848 Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.8 and 9.5.0-alpha.8, the PagesRouter static file serving route is vulnerable to a path traversal attack that allows unauthenticated reading of files outside the configured...

CVSS 6.3 · AI score 5.7 · EPSS 0.00312
Exploits: 0 · References: 1
CVE · added 2026/03/07 4:00 p.m. · 19 views

CVE-2026-30838

CVE-2026-30838 affects league/commonmark, a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting ASCII whitespace between a disallowed HTML tag name and the closing >, e.g., , enabling a cross-site scripting (XSS) vector for applications tha...

CVSS 6.1 · AI score 5.7 · EPSS 0.00217
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist · added 2026/03/07 4:00 p.m. · 32 views

CVE-2026-30838 league/commonmark: DisallowedRawHtml extension bypass via whitespace in HTML tag names

league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing >. For example, would pass through unfiltered and be rendered as a...

CVSS 5.1 · EPSS 0.00217
Exploits: 0 · References: 1
NVD · added 2026/03/07 3:15 p.m. · 8 views

CVE-2026-29193

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.12.0, a vulnerability in Zitadel's login V2 UI allowed users to bypass login behavior and security policies and self-register new accounts or sign in using password even if corresponding options were disabled in their...

CVSS 8.2 · EPSS 0.00312
Exploits: 0 · References: 1
ATTACKERKB · added 2026/03/07 3:14 p.m. · 3 views

CVE-2026-29771

Netmaker makes networks with WireGuard. Prior to version 1.2.0, the /api/server/shutdown endpoint allows termination of the Netmaker server process via syscall.SIGINT. This allows any user to repeatedly shut down the server, causing cyclic denial of service with approximately 3-second restart...

CVSS 8.7 · AI score 5.7 · EPSS 0.00331
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist · added 2026/03/07 3:11 p.m. · 30 views

CVE-2026-29193 ZITADEL: Bypassing Zitadel Login Behavior and Security Policy in Login V2

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.12.0, a vulnerability in Zitadel's login V2 UI allowed users to bypass login behavior and security policies and self-register new accounts or sign in using password even if corresponding options were disabled in their...

CVSS 8.2 · EPSS 0.00312
Exploits: 0 · References: 1
Vulnrichment · added 2026/03/07 3:11 p.m. · 2 views

CVE-2026-29193 ZITADEL: Bypassing Zitadel Login Behavior and Security Policy in Login V2

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.12.0, a vulnerability in Zitadel's login V2 UI allowed users to bypass login behavior and security policies and self-register new accounts or sign in using password even if corresponding options were disabled in their...

CVSS 8.2 · AI score 5.7 · EPSS 0.00312
Exploits: 0 · References: 1
OSV · added 2026/03/07 3:11 p.m. · 6 views

CVE-2026-29193 ZITADEL: Bypassing Zitadel Login Behavior and Security Policy in Login V2

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.12.0, a vulnerability in Zitadel's login V2 UI allowed users to bypass login behavior and security policies and self-register new accounts or sign in using password even if corresponding options were disabled in their...

CVSS 8.2 · AI score 5.7 · EPSS 0.00312
Exploits: 0 · References: 3
OSV · added 2026/03/07 2:15 p.m. · 1 view

MINI-W349-8Q8X-C8HW

Bulletin has no description...

CVSS 7.7 · AI score 5.7 · EPSS 0.00305
Exploits: 0
RedhatCVE · added 2026/03/07 7:59 a.m. · 4 views

CVE-2026-1128

The WP eCommerce WordPress plugin through 3.15.1 does not have a CSRF check in place when deleting coupons, which could allow attackers to make a logged-in admin remove them via a CSRF attack...

CVSS 4.3 · AI score 5.8 · EPSS 0.00098
Exploits: 0 · References: 1
Fedora · added 2026/03/07 12:33 a.m. · 8 views

[SECURITY] Fedora 44 Update: valkey-9.0.3-1.fc44

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

CVSS 8.5 · AI score 5.8 · EPSS 0.00415
Exploits: 0