12 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-3160
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...
Description of the security update for Microsoft Exchange Server Subscription Edition RTM: December 9, 2025 (KB5071876)
This security update resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common...
CVE-2024-7803 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS...
CVE-2024-35196
Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, i...
Sylius PayPal Plugin Payment Amount Manipulation Vulnerability
A vulnerability allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after initiating the PayPal Checkout process, PayPal will not receive the updated total amount. As a result, PayPal captures only the initially...
CVE-2024-7389
The Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.29.1 via class-forminator-addon-hubspot-wp-api.php. This makes it possible for unauthenticated attackers to extract the HubSpot integration developer API key and make...
PT-2023-12782 · Drupal · Drupal
Name of the Vulnerable Software and Affected Versions: Drupal version 9.3 Description: The issue arises from the incomplete integration of the generic entity access API for entity revisions with existing permissions in Drupal 9.3. This results in possible access bypass for users who have access t...
SAML + LDAP using Nfactor gives error "You are not allowed to login. Please contact your administrator"
After hitting Netscaler for login, you are redirected to SAML and successfully log in. Afterwards, you are redirected back to Netscaler and receive the error "You are not allowed to login. Please contact your administrator"...
openSUSE Security Update : tar (openSUSE-2016-1401)
This update for tar fixes the following issues : - Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path names specified on the command line bsc1007188 CVE-2016-6321 - Fix Amanda integration iss...
SUSE-SU-2016:2896-1 Security update for tar
This update for tar fixes the following issues: - Fix the POINTYFEATHER vulnerability - GNU tar archiver can be tricked into extracting files and directories in the given destination, regardless of the path names specified on the command line bsc1007188 CVE-2016-6321 - Fix Amanda integration issu...
CVE-2014-3050
IBM Rational Team Concert RTC 3.x before 3.0.1.6 IF3 and 4.x before 4.0.7 does not properly integrate with build engines, which allows remote authenticated users to discover credentials via unspecified vectors...
eCardMAX HotEditor 4.0 Keyboard.PHP Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23377/info eCardMAX HotEditor is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local...