ROOT-OS-UBUNTU-2404-CVE-2025-71192 CVE-2025-71192 in rootio-linux - Patched by Root

Root has patched CVE-2025-71192 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVE-2026-49054 WordPress The Post Grid plugin <= 7.9.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mamunur Rashid The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Post Grid: from n/a through 7.9.2...

CVE-2026-49054

CVE-2026-49054 concerns WordPress plugin The Post Grid (versions up to 7.9.2). The issue is a Missing Authorization / Broken Access Control vulnerability caused by misconfigured access control logic, allowing unauthorized access where restrictions should apply. Public sources in the connected rec...

WordPress The Post Grid plugin <= 7.9.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by timomangcut in WordPress Plugin The Post Grid versions = 7.9.2...

WordPress Livemesh SiteOrigin Widgets plugin <= 3.9.2 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Livemesh SiteOrigin Widgets versions = 3.9.2...

CVE-2026-3897

The CVE-2026-3897 entry describes a Stored XSS in the Livemesh Addons for Beaver Builder WordPress plugin, via the labb_admin_ajax action. Affected versions are all up to 3.9.2. Root cause is missing authorization checks despite nonce verification, enabling authenticated Subscriber+ users to modi...

EUVD-2026-31986

A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and m...

Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (April 2026)

Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

SUSE CVE-2022-39307

Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the /api/user/password/sent-reset-email URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks...

CLSA-2026-1779465287 Update of tomcat

Bump leading release to maintain monotonic rpm-version ordering in the AlmaLinux 9.2 ESU update stream...

EUVD-2026-31420

A broken access control vulnerability exists in the TeamViewer DEX Platform On‑Premises prior version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, allowing an authenticated user with low privileges to perform actions and access resources intended only for...

CVE-2026-8381 Broken Access Control in TeamViewer DEX Platform (On Premises)

A broken access control vulnerability exists in the TeamViewer DEX Platform On‑Premises prior version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, allowing an authenticated user with low privileges to perform actions and access resources intended only for...

Astra Linux - уязвимость в net-snmp

Net-SNMP provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials could exploit an improper input validation vulnerability when setting malformed OIDs in both the master agent and subagent simultaneously. Version 5.9.2...

CLEANSTART-2026-TK12973 Security fixes for CVE-2025-54410, CVE-2026-32952, CVE-2026-33186, ghsa-4vq8-7jfc-9cvp, ghsa-p77j-4mvh-x3m3, ghsa-pjcq-xvwq-hhpj applied in versions: 9.2.8-r0, 9.2.8-r1

Multiple security vulnerabilities affect the elastic-beats package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-2695

A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises former 1E DEX Platform On-Premises prior to version 9.2. Improper input validation allows authenticated users with at least questioner privileges to inject commands in specific instructions. Exploitation could...

CVE-2026-39218

creationtimestamp| type| source ---|---|--- 2026-05-08 18:19:08+00:00| seen| https://gist.github.com/cla7aye15I4nd/f9a7700240afe7ae8171ee65682e890f...

CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

CVE-2026-41889

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a...

Gambio 安全漏洞

Gambio is an integrated e-commerce solution developed by the Gambio company. Version Gambio 4.9.2.0 contains a security vulnerability. This vulnerability arises from the possibility of bypassing the password reset function; as long as the ID is known, any password for any account can be set...

Astra Linux - уязвимость в net-snmp

Net-SNMP provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials could use an improperly formatted OID in a SET request to the nsVacmAccessTable, causing a NULL pointer derefrence. Version 5.9.2 includes a patch to addre...