CVE-2026-40878

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the mailcow web interface passes the raw $SERVER'REQUESTURI' to Twig as a global template variable and renders it inside a JavaScript string literal in the setLang helper of base.twig,...

The vulnerability in the web interfaces of microprogramming software for network storage devices such as Seagate GoFlex Home, Medion LifeCloud NAS, and Netgear Stora allows a hacker to exploit their privileges.

The vulnerability of the web interfaces of microprogramming software for network storage devices such as Seagate GoFlex Home, Medion LifeCloud NAS, and Netgear Stora is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor to...

The vulnerability of the SAP NetWeaver software integration platform allows a perpetrator to trigger a service failure or induce the system to access external resources.

The vulnerability of the SAP NetWeaver software integration platform exists due to the lack of access restrictions on external objects contained in the links within the processed XML files. Exploiting this vulnerability can allow a malicious actor to cause service failures or induce the system to...