21698 matches found
PT-2026-48890
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to access other users' email configuration details. This issue has been patched in versions 15.107.0 and 16.17.0...
PT-2026-48844
Name of the Vulnerable Software and Affected Versions Apache CXF versions prior to 4.2.2 Apache CXF versions prior to 4.1.7 Description The EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the required JAXP hardening configurations. This allows for...
MINI-HX3F-6G5R-RVQ9
Bulletin has no description...
MINI-FQMX-XP7P-X6Q8
Bulletin has no description...
MINI-QCQP-F2X4-75V6
Bulletin has no description...
MINI-23MF-V8V3-QMH5
Bulletin has no description...
MINI-HPFF-82WF-C64V
Bulletin has no description...
MINI-WR78-V5PP-PQ56
Bulletin has no description...
CGA-PFR2-624J-PJCP
Bulletin has no description...
CGA-X969-39Q4-2J4C
Bulletin has no description...
Malicious Package
Overview @solana-labs/web3.js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview solana-web3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
Malicious Package
Overview solana-mev-bot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MINI-9F48-HX76-X6RF
Bulletin has no description...
CVE-2026-7787 Unauthenticated Session History Access via Public Flow Execution
IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references...
CVE-2026-8406
openSIS Classic 9.3 is affected by an insecure direct object reference in the messaging module. An authenticated user with access to messaging can request details of sent messages by supplying an arbitrary mail_id to modules/messaging/SentMail.php, exposing potentially sensitive information. No e...
CVE-2026-8406 openSIS Classic 9.3 - Insecure Direct Object Reference in Sent Mail
openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mailid value...
EUVD-2026-36245
openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mailid value...
CVE-2026-8406 openSIS Classic 9.3 - Insecure Direct Object Reference in Sent Mail
openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mailid value...
GHSA-C2GF-V879-257J netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion
Impact The DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the appropriate decompression codec gzip, deflate, zstd and forwards decompressed chunks to a wrapped listener. Each decompressed chunk is a pooled ByteBuf...