CVE-2026-25741

Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Checkout session is...

EUVD-2026-8884

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...

DEBIAN-CVE-2026-22206

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...

UBUNTU-CVE-2026-22206

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...

CVE-2026-22206

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...

CVE-2026-22206 SPIP < 4.4.10 SQL Injection RCE via Union & PHP Tags

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...

CVE-2026-22206

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...

CVE-2026-23750

Golioth Pouch 0.1.0 (prior to the fixed version) is affected by a heap-based buffer overflow in the BLE GATT server certificate handling. In server_cert_write(), a heap buffer of CONFIG_POUCH_SERVER_CERT_MAX_LEN is allocated for the first fragment, and subsequent fragments are appended via memcpy...

Moderate: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

CVE-2026-27744

The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...

📄 fast-xml-parser REGEX Injection / Cross Site Scripting

fast-xml-parser versions starting at 4.1.3 and below 5.3.5 suffer from a REGEX injection issue that can allow for cross site scripting attacks. ============================================================================================================================================= | Title :...

A High-Throughput AES-GCM Implementation on GPUs for Secure, Policy-Based Access to Massive Astronomical Catalogs

The era of large astronomical surveys generates massive image catalogs requiring efficient and secure access, particularly during pre-publication periods where data confidentiality and integrity are paramount. While Findable, Accessible, Interoperable, and Reusable FAIR principles guide the...

PT-2026-22182

Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.10 Description SPIP versions before 4.4.10 have a SQL injection flaw. Authenticated low-privilege users can execute arbitrary SQL queries through union-based injection techniques. Attackers can combine this SQL...

CVE-2026-26271

FreeRDP (Remote Desktop Protocol client) is affected by CVE-2026-26271 due to a buffer overread in freerdp_image_copy_from_icon_data() (libfreerdp/codec/color.c). The vulnerability is exploitable by crafted RDP Window Icon data and is reachable over the network when a client processes icon data f...

Buffer Over-read

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Buffer Over-read

Overview Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via coders that handles raw pixel data output. An attacker can cause increased memory consumption and potential denial of service by repeatedly triggering image processing operations th...

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...