11379 matches found

Positive Technologies
added 2026/04/23 12:0 a.m. | 5 views

PT-2026-34815

Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 4.9.0; Kirby versions prior to 5.4.0. Description: The Xml::value method in Kirby contains a flaw in how it handles blocks. While the method is designed to allow valid CDATA to pass through without being escaped a second...

7.5 CVSS | 5.2 AI score | 0.00043 EPSS
Exploits 0 | References 10
NVD
added 2026/04/22 2:16 p.m. | 3 views

CVE-2026-33597

PRSD detection denial of service...

7.5 CVSS | 0.00006 EPSS
Exploits 0 | References 1
EUVD
added 2026/04/22 6:30 a.m. | 2 views

EUVD-2026-24601

The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method...

7.1 CVSS | 5.8 AI score | 0.00049 EPSS
Exploits 0 | References 3
NVD
added 2026/04/22 4:16 a.m. | 1 views

CVE-2026-6834

The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method...

7.1 CVSS | 0.00049 EPSS
Exploits 0 | References 2
CVE
added 2026/04/22 3:36 a.m. | 3 views

CVE-2026-6834

Technical details about CVE-2026-6834 are not publicly provided in the supplied documents. No affected products, versions, impact, or remediation are detailed here; monitor for updates.

7.1 CVSS | 5.8 AI score | 0.00049 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2026/04/22 3:36 a.m. | 1 views

CVE-2026-6834

The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method...

7.1 CVSS | 5.8 AI score | 0.00049 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2026/04/22 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013511)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013511 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing. As reported in 1, a platform firmwar...

5.5 CVSS | 6.4 AI score | 0.00051 EPSS
Exploits 0 | References 4
Positive Technologies
added 2026/04/22 12:0 a.m. | 2 views

PT-2026-34247

CVE-2026-6834 The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specif… https://t.co/30wrzM11aW...

7.1 CVSS | 5.3 AI score | 0.00049 EPSS
Exploits 0 | References 4
EUVD
added 2026/04/21 9:31 p.m. | 3 views

EUVD-2026-24408

Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.30. Easily exploitable vulnerability allows high privileged attacker having Row Access Method privilege with network access via multiple protocols to compromise RDBMS. Successful attac...

2.4 CVSS | 5.7 AI score | 0.00028 EPSS
Exploits 0 | References 2
NVD
added 2026/04/21 9:16 p.m. | 3 views

CVE-2026-6797

A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. Such manipulation leads to resource consumption. It is possible to...

5.3 CVSS | 0.00044 EPSS
Exploits 0 | References 3
NVD
added 2026/04/21 9:16 p.m. | 1 views

CVE-2026-34312

Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.30. Easily exploitable vulnerability allows high privileged attacker having Row Access Method privilege with network access via multiple protocols to compromise RDBMS. Successful attac...

2.4 CVSS | 0.00028 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/04/21 8:35 p.m. | 2 views

CVE-2026-34312

Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.30. Easily exploitable vulnerability allows high privileged attacker having Row Access Method privilege with network access via multiple protocols to compromise RDBMS. Successful attac...

2.4 CVSS | 5.7 AI score | 0.00028 EPSS
Exploits 0 | References 2 | Affected Software 1
Tenable Nessus
added 2026/04/21 12:0 a.m. | 3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-006913)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006913 advisory. In the Linux kernel, the following vulnerability has been resolved: platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx](). The ACPI buffer memory out.pointer return...

5.5 CVSS | 5.7 AI score | 0.00017 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2026/04/21 12:0 a.m. | 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010952)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010952 advisory. In the Linux kernel, the following vulnerability has been resolved: platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx](). The ACPI buffer memory out.pointer return...

5.5 CVSS | 6 AI score | 0.00017 EPSS
Exploits 0 | References 4
Positive Technologies
added 2026/04/21 12:0 a.m. | 1 views

PT-2026-34236

Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.1.0. Description: A flaw exists in the run method of the CSV Agents class due to improper sandboxing when evaluating Python scripts generated by a Large Language Model (LLM). An unauthenticated attacker can use prompt...

9.8 CVSS | 5.8 AI score | 0.00215 EPSS
Exploits 1 | References 8
Zero Day Initiative
added 2026/04/21 12:0 a.m. | 5 views

(0Day) PublicCMS getXml Server-Side Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PublicCMS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getXml method. The issue results from the lack of authorization prior to allowing...

8.2 CVSS | 5.7 AI score
Exploits 0
Tenable Nessus
added 2026/04/21 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013079)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013079 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info(). During...

5.6 AI score | 0.00058 EPSS
Exploits 0 | References 4
Positive Technologies
added 2026/04/21 12:0 a.m. | 5 views

PT-2026-34135

Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.30. Easily exploitable vulnerability allows high privileged attacker having Row Access Method privilege with network access via multiple protocols to compromise RDBMS. Successful attac...

2.4 CVSS | 5.7 AI score | 0.00028 EPSS
Exploits 0 | References 3
EUVD
added 2026/04/20 6:31 p.m. | 1 views

EUVD-2026-23929

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFTReport::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...

5.4 CVSS | 5.7 AI score | 0.00034 EPSS
Exploits 0 | References 3
Vulnrichment
added 2026/04/20 5:30 p.m. | 1 views

CVE-2026-23756 GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter Step Subject

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in ControllerStep.InsertSubmit and EditSubmit before being rendered by ViewStep.RenderViewSteps. An authenticated staff member can inject...

5.4 CVSS | 5.7 AI score | 0.00034 EPSS
Exploits 0 | References 2