CVE-2026-2254

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...

CVE-2026-2254

CVE-2026-2254 affects Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x. The issue is that ACLs are not applied on certain API endpoints related to platform mail notifications, allowing potential improper access. The documented C...

CVE-2026-2254

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...

PT-2026-43484

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...

EUVD-2007-3201

Malware in sbrugna...

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird ESR 128.6 MFSA 2025-05, bsc1234991 Security fixes: CVE-2025-0237 bmo1915257 WebChannel APIs susceptible to confused deputy attack CVE-2025-0238 bmo1915535 Use-after-free when breaking lines in text...

SUSE-SU-2025:0080-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird ESR 128.6 MFSA 2025-05, bsc1234991 Security fixes: - CVE-2025-0237 bmo1915257 WebChannel APIs susceptible to confused deputy attack - CVE-2025-0238 bmo1915535 Use-after-free when breaking lines in text -...

GHSA-CW6G-QMJQ-6W2W Craft CMS Arbitrary System File Read

Summary By abusing the mail notification template it is possible to read arbitrary operating system files. Details The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, an...

Veeam Explorer for Oracle restore fails with: "You have new mail in /var/spool/mail/root"

Challenge Restoring an Oracle Database to a Linux server using Veeam Explorer for Oracle fails with: Error: Wrong SCP response: 1.scp: /root You have new mail in /var/spool/mail/root/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx: No such file or directory Copy Log Example Uploading file Unix mask: 0766,...

Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the Plugin's Settings General "Error message for...

CVE-2021-2404

Vulnerability in the PeopleSoft Enterprise HCM Candidate Gateway product of Oracle PeopleSoft component: e-mail notification. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

[SECURITY] Fedora 32 Update: glpi-9.4.6-1.fc32

GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...

Denial Of Service (DoS)

cups is vulnerable to denial of service DoS. The vulnerability exists as a null pointer dereference flaw was found in the way CUPS handled subscriptions for printing job completion notifications. A local user could use this flaw to crash the CUPS daemon by submitting a large number of printing jo...

gitea -- information disclosure

The Gitea Team reports: When a comment in an issue or PR mentions a user using @username, the mentioned user receives a mail notification even if they don't have permission to see the originating repository...

[SECURITY] Fedora 29 Update: glpi-9.3.4-2.fc29

GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...

[SECURITY] Fedora 30 Update: glpi-9.4.3-1.fc30

GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...

Fedora Update for glpi FEDORA-2019-a66789a334

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 30 Update: glpi-9.4.1.1-1.fc30

GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...

[SECURITY] Fedora 27 Update: glpi-9.1.7.1-2.fc27

GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...

[SECURITY] Fedora 26 Update: glpi-9.1.7.1-2.fc26

GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company computer, software, printers.... It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-syst...