PT-2026-3675
Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 8u471, 8u471-b50, 8u471-perf; Oracle Java SE version 11.0.29; Oracle Java SE version 17.0.17; Oracle Java SE version 21.0.9; Oracle Java SE version 25.0.1; Oracle GraalVM for JDK versions 17.0.17 and 21.0.9; Oracle GraalVM...
CVE-2026-1110
A flaw has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. This affects the function rtsp_parse_method. This manipulation causes buffer overflow. It is possible to launch the attack on the local host. Continuous delivery with rolling releases is used by this product...
CVE-2026-1111 Sanluan PublicCMS Task Template Management TaskTemplateAdminController.java save path traversal
A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of the argument path leads to path traversal. T...
CVE-2026-1110
CVE-2026-1110 affects cijliu librtsp (up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04). The flaw is in the rtsp_parse_method function, where manipulation leads to a buffer overflow. The vulnerability can be triggered on the local host. Public details do not provide affected version ranges or updat...
CVE-2026-1110 cijliu librtsp rtsp_parse_method buffer overflow
A flaw has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. This affects the function rtsp_parse_method. This manipulation causes buffer overflow. It is possible to launch the attack on the local host. Continuous delivery with rolling releases is used by this product...
Kimai security vulnerabilities
Kimai is a web-based, multi-user time tracking application developed by Kimai’s developers. Versions of Kimai prior to 2.46.0 contained security vulnerabilities. These vulnerabilities stemmed from the overly lax security policies for the Twig sandbox used in the export function, which allowed...
librtsp security vulnerabilities
Librtsp is an RTSP protocol library developed by CIJLIU as an individual project. Librtsp has a security vulnerability, which stems from a buffer overflow in the rtsp_parse_method function, potentially allowing local attacks...
CVE-2026-23727
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=TipoSaidaControl...
CVE-2026-23728
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=DestinoControle...
CVE-2026-23643
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...
CVE-2026-23726
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and...
CVE-2026-23727
WeGIA is vulnerable to an Open Redirect in the /WeGIA/controle/control.php endpoint, exploitable via the nextPage parameter when paired with metodo=listarTodos and nomeClasse=TipoSaidaControle. The app does not validate/restrict nextPage, allowing attackers to redirect users to arbitrary external...
Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring
Summary: Multiple Spring vulnerabilities have been addressed in IBM Library Support for Spring. Vulnerability Details: CVEID: CVE-2025-41249. DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized...
MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.181-2.6.14.5.0.1.el7.AXS7 (AXSA:2018-3025:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-3025:02 advisory. OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814). OpenJDK: unrestricted deserialization of...
MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.221-2.6.18.0.0.1.el7.AXS7 (AXSA:2019-3860:03)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3860:03 advisory. Enhancement - Oracle Java SE REIWA Security Fix - Oracle Java SE Libraries DoS CVE-2019-2602 - Oracle Java SE RMI CVE-2019-2684 - Oracle Java SE 2D...
Denial Of Service (DoS)
aiohttp is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper handling of crafted requests in the Request.post method, which allows an attacker to exhaust server memory and freeze the AIOHTTP server during request processing...