CVE-2026-1897 WeKan Position-History Tracking positionHistory.js PositionHistoryBleed authorization

A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation results in missing authorization. The attack may be performed from remote. Upgrading to...

CVE-2026-1895

A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to addre...

CVE-2026-1892

A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper authorization. The attack may be launched...

CVE-2026-1884

CVE-2026-1884 affects ZenTao up to 21.7.6-85642. The vulnerable element is the function fetchHook in the file module/webhook/model.php of the Webhook Module. This manipulation enables a server-side request forgery (SSRF) that may be exploited remotely; the exploit is publicly available. Vendors w...

libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption...

Commvault Initial Administrator Login Process Vulnerability

An issue was discovered in Commvault before 11.36.60.During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured. id:...

CVE-2025-67188

A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.5204B20210112. The issue resides in the setRadvdCfg interface of the /lib/cstemodules/ipv6.so module. The function fails to properly validate the length of the user-controlled radvdinterfacename parameter, allowing remote attacker...

CVE-2025-57529

YouDataSum CPAS Audit Management System =v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could...

CVE-2026-1835 lcg0124 BootDo cross-site request forgery

A vulnerability was identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. This affects an unknown part. The manipulation leads to cross-site request forgery. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This product...

PT-2026-6082

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Collaboration Endpoint Software affected versions not specified Cisco RoomOS Software affected versions not specified Description A flaw exists in the text rendering subsystem that could allow a remote attacker to cause a...

Ubuntu 25.10 : CRaC JDK 17 vulnerabilities (USN-7997-1)

The remote Ubuntu 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7997-1 advisory. It was discovered that the RMI component of CRaC JDK 17 would establish RMI TCP endpoint connections to a remote host without setting an endpoint...

CVE-2020-37081

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database manageme...

CVE-2026-1861

Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

EUVD-2020-30986

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of productdetail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...

K000159867: MySQL vulnerability CVE-2026-21941

Security Advisory Description Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multip...

CVE-2025-13473

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

CVE-2025-61641

A flaw was found in MediaWiki. A remote attacker can exploit this vulnerability without requiring user interaction or privileges. This issue, associated with the includes/api/ApiQueryAllPages.Php program file, may lead to a low impact Denial of Service DoS. Mitigation Mitigation for this issue is...

CVE-2025-6593

A flaw was found in MediaWiki. A remote attacker, by enticing a user to interact with malicious content, could potentially exploit a vulnerability in the includes/user/User.Php file. This could lead to the disclosure of limited sensitive information. Mitigation Mitigation for this issue is either...

CVE-2025-6591

A flaw was found in MediaWiki, specifically within the ApiFeedContributions.Php program file. This vulnerability could potentially be exploited by a remote attacker with high privileges, requiring user interaction. Mitigation Mitigation for this issue is either not available or the currently...

CVE-2025-67851

A flaw was found in moodle. This formula injection vulnerability occurs when data fields are exported without proper escaping. A remote attacker could exploit this by providing malicious data that, when exported and opened in a spreadsheet, allows arbitrary formulas to execute. This can lead to...