Code Injection
SimpleEval is vulnerable to code injection. The vulnerability is due to objects leaking dangerous modules through to direct access inside the sandbox, where dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call...
OESA-2026-1661 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Calling the PKCS12_get_friendlyname function on a maliciously crafted PKCS12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code...
CVE-2026-4434
Improper certificate validation in the PAM propagation WinRM connections allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification...
ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +714 more potentially affected by CVE-2026-22731 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=4.0.0-M1 <=4.0.3)
org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =3.1.0, =3.3.0 and more Source cves: CVE-2026-22731 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-15701...
ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +773 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-actuator (>=4.0.0-M1 <=4.0.3)
org.springframework.boot:spring-boot-actuator MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =3.1.0, =3.3.0 and more Source cves: CVE-2026-22733 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-15701836...
ch.admin.bit.jeap.jme:jme-spring-boot-integration-test-it (>=1.0.0 <=1.0.1), ch.admin.bit.jeap:jeap-archrepo-instance (>=4.17.0 <=4.22.0) +1065 more potentially affected by CVE-2026-22731 via org.springframework.boot:spring-boot-starter-actuator (>=3.5.0 <=3.5.11)
org.springframework.boot:spring-boot-starter-actuator MAVEN version =3.5.0, =1.0.0, =4.17.0, =4.17.0, =4.17.0, =3.14.0, =3.14.0, =3.14.0, =0.0.1, =0.0.13, =0.0.1, =0.0.1, =2.43.0, =4.14.0, =4.14.0, =4.14.0, =4.18.0 and more Source cves: CVE-2026-22731 Source advisory: OSV:GHSA-8HFC-FQ58-R658...
ch.admin.bit.jeap.jme:jme-spring-boot-integration-test-it (>=1.0.0 <=1.0.1), ch.admin.bit.jeap:jeap-archrepo-instance (>=4.17.0 <=4.22.0) +1065 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-starter-actuator (>=3.5.0 <=3.5.11)
org.springframework.boot:spring-boot-starter-actuator MAVEN version =3.5.0, =1.0.0, =4.17.0, =4.17.0, =4.17.0, =3.14.0, =3.14.0, =3.14.0, =0.0.1, =0.0.13, =0.0.1, =0.0.1, =2.43.0, =4.14.0, =4.14.0, =4.14.0, =4.18.0 and more Source cves: CVE-2026-22733 Source advisory: OSV:GHSA-MGVC-8Q2H-5PGC...
ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +682 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-starter-actuator (>=4.0.0-M1 <=4.0.3)
org.springframework.boot:spring-boot-starter-actuator MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =3.1.0, =3.3.0 and more Source cves: CVE-2026-22733 Source advisory: OSV:GHSA-MGVC-8Q2H-5PGC...
EUVD-2026-13362
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an Authenticated Remote Code Execution (RCE) vulnerability exists in SuiteCRM modules. Versions 7.15.1 and 8.9.3 patch the issue...
CVE-2026-29102 SuiteCRM has Authenticated RCE in Modules
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an Authenticated Remote Code Execution (RCE) vulnerability exists in SuiteCRM modules. Versions 7.15.1 and 8.9.3 patch the issue...
CVE-2026-29102
SuiteCRM (open-source CRM) has an Authenticated Remote Code Execution (RCE) vulnerability affecting modules in versions prior to 7.15.1 and 8.9.3. Patch versions 7.15.1 and 8.9.3 to remediate. The CVSSv3.1 base score is 7.2 (High) with network attack vector, low attack complexity, and privileges ...
CVE-2026-29101 SuiteCRM Vulnerable to Directory Traversal to DoS in Modules
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, a Denial-of-Service (DoS) vulnerability exists in SuiteCRM modules. Versions 7.15.1 and 8.9.3 patch the issue...
CVE-2026-29101
CVE-2026-29101 affects SuiteCRM prior to versions 7.15.1 and 8.9.3, where a Denial-of-Service (DoS) vulnerability exists in modules. The issue is resolved by upgrading to 7.15.1 or 8.9.3, per multiple sources. The available descriptions identify the vulnerability as a DoS affecting SuiteCRM modul...
EUVD-2025-208869
Improper Authentication vulnerability in Secomea GateManager webserver modules allows Authentication Bypass. This issue affects GateManager: 11.4;0...
CVE-2025-14716
Improper Authentication vulnerability in Secomea GateManager webserver modules allows Authentication Bypass. This issue affects GateManager: 11.4;0...
CVE-2025-14716 Unauthorized access to information
Improper Authentication vulnerability in Secomea GateManager webserver modules allows Authentication Bypass. This issue affects GateManager: 11.4;0...