CVE-2026-27316

A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection...

CVE-2026-42607

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code Execution RCE by uploading a specially crafted ZIP file through the "Direct Install" tool. While the system attempts to block direct .php file uploads, it fails t...

[SECURITY] Fedora 43 Update: cockpit-362-1.fc43

The Cockpit Web Console enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more...

Updated tar packages fix security vulnerability

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...

MGASA-2026-0168 Updated tar packages fix security vulnerability

A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pygments-2.19.2-py3-none-any.whl which is vulnerable to CVE-2026-4539

Summary IBM Maximo Application Suite - Visual Inspection component uses pygments-2.19.2-py3-none-any.whl which is vulnerable to CVE-2026-4539 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-4539 DESCRIPTION: A security fla...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses uuid-9.0.1.tgz which is vulnerable to CVE-2026-41988, CVE-2026-41907

Summary IBM Maximo Application Suite - Visual Inspection component uses uuid-9.0.1.tgz which is vulnerable to CVE-2026-41988, CVE-2026-41907 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895

Summary IBM Maximo Application Suite - Visual Inspection component uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects ...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-1.1.12.tgz, brace-expansion-5.0.4.tgz which is vulnerable to CVE-2026-33750

Summary IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-1.1.12.tgz, brace-expansion-5.0.4.tgz which is vulnerable to CVE-2026-33750, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-33750...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses uuid-9.0.1.tgz which is vulnerable to CVE-2026-41988, CVE-2026-41907

Summary IBM Maximo Application Suite - Visual Inspection component uses uuid-9.0.1.tgz which is vulnerable to CVE-2026-41988, CVE-2026-41907 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.3.2.tgz which is vulnerable to CVE-2026-41238, CVE-2026-41239, CVE-2026-41240

Summary IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.3.2.tgz which is vulnerable to CVE-2026-41238, CVE-2026-41239, CVE-2026-41240 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-41238...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses postcss-8.4.49.tgz which is vulnerable to CVE-2026-41305

Summary IBM Maximo Application Suite - Visual Inspection component uses postcss-8.4.49.tgz which is vulnerable to CVE-2026-41305, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-41305 DESCRIPTION: PostCSS takes a CSS file an...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses lxml-6.0.0-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-41066

Summary IBM Maximo Application Suite - Visual Inspection component uses lxml-6.0.0-cp311-cp311-manylinux227x8664.manylinux228x8664.whl which is vulnerable to CVE-2026-41066, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses axios-1.15.0.tgz which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite - Visual Inspection component uses axios-1.15.0.tgz which is vulnerable to multiple CVEs CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042,...

PT-2026-44380

Name of the Vulnerable Software and Affected Versions Debug Log Manager – Conveniently Monitor and Inspect Errors versions prior to 2.5.1 Description The plugin is subject to improper output neutralization for logs. The log js errors AJAX handler is registered for unauthenticated users via wp aja...

CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests

Summary The CrowdSec AppSec component fails to read the HTTP request body for any request whose Content-Length is not positive — most notably HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests sent without a content-length header. Coraza is then evaluated against an empty body...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses picomatch-2.3.1.tgz, picomatch-4.0.3.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672

Summary IBM Maximo Application Suite - Visual Inspection component uses picomatch-2.3.1.tgz, picomatch-4.0.3.tgz which is vulnerable to CVE-2026-33671, CVE-2026-33672 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-33671...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pillow-11.3.0 which is vulnerable to CVE-2026-25990

Summary IBM Maximo Application Suite - Visual Inspection component uses pillow-11.3.0 which is vulnerable to CVE-2026-25990, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-25990 DESCRIPTION: Pillow is a Python imaging...

PT-2026-44131

Summary The CrowdSec AppSec component fails to read the HTTP request body for any request whose Content-Length is not positive — most notably HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests sent without a content-length header. Coraza is then evaluated against an empty body...

EUVD-2026-31981

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle extension build pipeline calls bun install without the --ignore-scripts flag before running the static backend safety scan assertSafeBackendBundle. A malicious extension that ships a package.json with a preinstall,...