4 matches found
CVE-2026-45369
python-utcp is the Python implementation of UTCP. Prior to 1.1.3, the substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix o...
CVE-2025-13986 Disable Login Page - Critical - Access bypass - SA-CONTRIB-2025-124
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Disable Login Page allows Functionality Bypass. This issue affects Disable Login Page: from 0.0.0 before 1.1.3...
wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an out-of-memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability...
Roundcube webmail cross-site scripting vulnerability
RoundCube Webmail is a browser-based IMAP client. A cross-site scripting vulnerability in program/js/app.js in Roundcube webmail versions prior to 1.0.7, 1.1.x-1.1.3 allows remote attackers to inject arbitrary web script or HTML by dragging and dropping the filename in a file upload...