CVE-2026-34261

CVE-2026-34261 affects SAP Business Analytics and SAP Content Management. Root cause: missing authorization check enables an authenticated user to call certain remote function modules beyond their permissions. Impact: confidentiality is affected; no noted impact to integrity or availability. Expl...

EUVD-2026-22170

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects...

SAP Landscape Transformation 代码注入漏洞

SAP Landscape Transformation is a tool developed by SAP, a German company, for system data migration and integration. SAP Landscape Transformation has a code injection vulnerability; this vulnerability stems from vulnerabilities in the RFC-exposed function modules, which may allow for the injecti...

PT-2026-32970

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...

SAP Business Analytics和SAP Content Management 安全漏洞

SAP Business Analytics and SAP Content Management are both products of the German company SAP. SAP Business Analytics is a suite of enterprise data analysis and business intelligence solutions. SAP Content Management is an enterprise content storage and document management system. Both SAP Busine...

Security Bulletin: Vulerability in IBM Spectrum Symphony with OpenSSL

Summary Vulerability in IBM Spectrum Symphony with OpenSSL Vulnerability Details CVEID:CVE-2024-13176 DESCRIPTION: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDS...

Oracle Linux 9 : perl-XML-Parser (ELSA-2026-7679)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-7679 advisory. 2.46-9.1.0.1 - Add perlLWP, perlURI, perlURI::file Requires 2.46-9.1 - Fix CVE-2006-10002, CVE-2006-10003 Tenable has extracted the preceding descripti...

Exploit for SQL Injection in Devcode Openstamanager

CVE-2026-24417: OpenSTAManager has a Time-Based Blind SQL Inje...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: perl: perl-5.42.2-524.1.hum1 aarch64, x8664 perl-Attribute-Handlers-1.03-524.1.hum1 noarch perl-AutoLoader-5.74-524.1.hum1 noarch perl-AutoSplit-5.74-524.1.hum1 noarch perl-B-1.89-524.1.hum1...

be.yildiz-games:module-messaging-activemq (>=1.0.0 <=1.0.1), cn.codeforfun:jfinal-activemq (=0.3) +215 more potentially affected by CVE-2026-39304 via org.apache.activemq:activemq-all (>=5.0.0 <=5.19.4)

org.apache.activemq:activemq-all MAVEN version =5.0.0, =1.0.0, =6.0.03, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =3.0.0, =8.0.0, =2.0.0, =1.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-39304 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15992453...

CVE-2026-39346

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator. This vulnerability is fix...

JIZHICMS（极致CMS） 安全漏洞

JIZHICMS is an open-source content management system developed by JIZHI Corporation in China. Version 2.5.4 of JIZHICMS contains a security vulnerability, which stems from server-side request forgeing vulnerabilities in the User Evaluation, Message, and Comment modules...

SUSE CVE-2026-31789

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker c...

org.apache.tomee.bom:tomee-microprofile (>=10.0.0 <=10.0.0-M3), org.apache.tomee.bom:tomee-plume (>=10.0.0 <=10.0.0-M3) +2 more potentially affected by CVE-2026-34500 via org.apache.tomcat:tomcat-coyote-ffm (>=10.1.30 <=10.1.52)

org.apache.tomcat:tomcat-coyote-ffm MAVEN version =10.1.30, =10.0.0, =10.0.0, =10.0.0, =10.0.0, =10.1.4 Source cves: CVE-2026-34500 Source advisory: SNYK:JAVA-ORGAPACHETOMCAT-15989819...

EUVD-2026-20446

Out-of-bounds Write vulnerability in praydog UEVR dependencies/lua/src modules. This vulnerability is associated with program files ldebug.C, lvm.C. This issue affects UEVR: before 1.05...

CVE-2026-2263

The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hustlemoduleconverted' AJAX action in all versions up to, and including, 7.8.10.2. This makes it possible for...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006709)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006709 advisory. Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM md, raid, raid5 modules allows Forced Integer Overflow. Tenable has...

CVE-2026-31790

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process whi...

ALPINE-CVE-2026-28389

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

CVE-2026-31790 Incorrect Failure Handling in RSA KEM RSASVE Encapsulation

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process whi...