DRUPAL-CONTRIB-2026-014

This module enables you to block bots by Firewall. The module doesn't sufficiently sanitize user input leading to a reflected Cross-site scripting XSS vulnerability. This vulnerability is mitigated by the fact that the vulnerable functionality is only presented to users that are "challenged" or...

DRUPAL-CONTRIB-2026-011

This module enables you to add icons to CKEditor. The module doesn't sufficiently add custom permissions to the dialog and autocomplete routes, allowing full access to the routes in most scenarios...

CVE-2026-25554

OpenSIPS versions 3.1 before 3.6.4 containing the authjwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwtdbauthorize function in modules/authjwt/authorize.c when dbmode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...

CVE-2026-23627

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...

CVE-2026-23627 OpenEMR has SQL Injection in Immunization Search/Report

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...

CVE-2026-23627 OpenEMR has SQL Injection in Immunization Search/Report

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...

EUVD-2026-8700

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...

CLSA-2026-1772038463 python: Fix of CVE-2015-20107

CVE-2015-20107: fix shell command injection vulnerability in the mailcap module...

CVE-2026-25554

OpenSIPS versions 3.1 before 3.6.4 containing the authjwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwtdbauthorize function in modules/authjwt/authorize.c when dbmode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...

CVE-2026-25554

OpenSIPS 3.1 (up to 3.6.4) with the auth_jwt module is affected by a SQL injection in jwt_db_authorize() when db_mode is enabled and a SQL backend is used. The function extracts the tag claim from a JWT without signature verification and directly inserts the unescaped value into a SQL query, enab...

CLSA-2026-1772037700 python: Fix of CVE-2015-20107

CVE-2015-20107: fix shell command injection vulnerability in the mailcap module...

CVE-2026-27483

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution. The vulnerability exists in the...

EUVD-2026-8598

TypiCMS Core has Stored Cross-Site Scripting XSS via SVG File Upload...

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

EUVD-2026-8629

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in CardboardPowered cardboard src/main/java/org/cardboardpowered/impl/world modules. This vulnerability is associated with program files WorldImpl.Java. This issue affects cardboard: before 1.21.4...

CVE-2026-3168

A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromNatStaticSetting of the file /goform/NatStaticSetting of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The exploit has been ma...

CVE-2026-3050

A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argument Notes causes cross site scripting. The attack is possible to be carried out remotely. The exploi...

CVE-2026-21864

Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter Module data type into the Valkey distributed key-value database. Prior to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd, a specially crafted RESTORE command can cause Valkey to hit an assertion, causes the server to shutdown...

UBUNTU-CVE-2026-27606

Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler specifically v4.x and present in current source is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker t...

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...