CVE-2026-5598 Non-constant time comparisons risk private key leakage in FrodoKEM.

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.80.1, from 1.82 before 1.84...

CVE-2026-5088

Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

CVE-2026-5088 Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts

Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

perl:5.32 security update

An update is available for module.perl-CPAN-DistnameInfo, module.perl-Text-Diff, module.perl-Carp, perl-Data-Section, perl-Pod-Simple, perl-File-Fetch, perl-parent, perl-CPAN-Meta, module.perl-Exporter, module.perl-File-Fetch, perl-Pod-Usage, module.perl-Pod-Checker,...

EUVD-2026-22170

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects...

CVE-2026-34261

CVE-2026-34261 affects SAP Business Analytics and SAP Content Management. Root cause: missing authorization check enables an authenticated user to call certain remote function modules beyond their permissions. Impact: confidentiality is affected; no noted impact to integrity or availability. Expl...

CVE-2026-34261 Missing Authorization check in SAP Business Analytics and SAP Content Management

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects...

SAP Business Analytics和SAP Content Management 安全漏洞

SAP Business Analytics and SAP Content Management are both products of the German company SAP. SAP Business Analytics is a suite of enterprise data analysis and business intelligence solutions. SAP Content Management is an enterprise content storage and document management system. Both SAP Busine...

SAP Landscape Transformation 代码注入漏洞

SAP Landscape Transformation is a tool developed by SAP, a German company, for system data migration and integration. SAP Landscape Transformation has a code injection vulnerability; this vulnerability stems from vulnerabilities in the RFC-exposed function modules, which may allow for the injecti...

PT-2026-32970

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...

Security Bulletin: Vulerability in IBM Spectrum Symphony with OpenSSL

Summary Vulerability in IBM Spectrum Symphony with OpenSSL Vulnerability Details CVEID:CVE-2024-13176 DESCRIPTION: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDS...

Oracle Linux 9 : perl-XML-Parser (ELSA-2026-7679)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-7679 advisory. 2.46-9.1.0.1 - Add perlLWP, perlURI, perlURI::file Requires 2.46-9.1 - Fix CVE-2006-10002, CVE-2006-10003 Tenable has extracted the preceding descripti...

Exploit for SQL Injection in Devcode Openstamanager

CVE-2026-24417: OpenSTAManager has a Time-Based Blind SQL Inje...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: perl: perl-5.42.2-524.1.hum1 aarch64, x8664 perl-Attribute-Handlers-1.03-524.1.hum1 noarch perl-AutoLoader-5.74-524.1.hum1 noarch perl-AutoSplit-5.74-524.1.hum1 noarch perl-B-1.89-524.1.hum1...

be.yildiz-games:module-messaging-activemq (>=1.0.0 <=1.0.1), cn.codeforfun:jfinal-activemq (=0.3) +215 more potentially affected by CVE-2026-39304 via org.apache.activemq:activemq-all (>=5.0.0 <=5.19.4)

org.apache.activemq:activemq-all MAVEN version =5.0.0, =1.0.0, =6.0.03, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =3.0.0, =8.0.0, =2.0.0, =1.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-39304 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15992453...

CVE-2026-39346

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator. This vulnerability is fix...

JIZHICMS（极致CMS） 安全漏洞

JIZHICMS is an open-source content management system developed by JIZHI Corporation in China. Version 2.5.4 of JIZHICMS contains a security vulnerability, which stems from server-side request forgeing vulnerabilities in the User Evaluation, Message, and Comment modules...

SUSE CVE-2026-31789

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker c...

org.apache.tomee.bom:tomee-microprofile (>=10.0.0 <=10.0.0-M3), org.apache.tomee.bom:tomee-plume (>=10.0.0 <=10.0.0-M3) +2 more potentially affected by CVE-2026-34500 via org.apache.tomcat:tomcat-coyote-ffm (>=10.1.30 <=10.1.52)

org.apache.tomcat:tomcat-coyote-ffm MAVEN version =10.1.30, =10.0.0, =10.0.0, =10.0.0, =10.0.0, =10.1.4 Source cves: CVE-2026-34500 Source advisory: SNYK:JAVA-ORGAPACHETOMCAT-15989819...

EUVD-2026-20446

Out-of-bounds Write vulnerability in praydog UEVR dependencies/lua/src modules. This vulnerability is associated with program files ldebug.C, lvm.C. This issue affects UEVR: before 1.05...