PT-2026-34519

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.11 through 18.11.0 Description Improper access control in the issue description rendering process could allow an authenticated user to access titles of confidential or private issues within public projects...

CVE-2026-5921

A server-side request forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the notebo...

CVE-2026-5921 Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack

A server-side request forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the notebo...

CVE-2026-5921

CVE-2026-5921 describes a server-side request forgery (SSRF) in GitHub Enterprise Server. The notebook rendering service can be reached via an open redirect chain when private mode is disabled, allowing an unauthenticated SSRF to internal services. A timing side-channel across a regex-filtered in...

CVE-2026-40567

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...

CVE-2026-27937 October: Reflected XSS via DataTable Form Widget

October is a Content Management System CMS and web platform. Prior to 3.7.16 and 4.1.16, a reflected Cross-Site Scripting XSS vulnerability was identified in the backend DataTable widget where a query parameter was rendered without proper output escaping. This vulnerability is fixed in 3.7.16 and...

CVE-2026-27937 October: Reflected XSS via DataTable Form Widget

October is a Content Management System CMS and web platform. Prior to 3.7.16 and 4.1.16, a reflected Cross-Site Scripting XSS vulnerability was identified in the backend DataTable widget where a query parameter was rendered without proper output escaping. This vulnerability is fixed in 3.7.16 and...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21 of GitHub Enterprise Server, there was a security...

PT-2026-34233

Summary The defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace or / before the closing , allowing ...

PT-2026-33923

Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...

PT-2026-34011

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011173)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011173 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate the box size for the snooped cursor Invalid userspace dma surface copies cou...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011313)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011313 advisory. In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bitputcs to fix vmalloc-out-of-bounds Add bounds checking to preven...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013034)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013034 advisory. In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bitputcs to fix vmalloc-out-of-bounds Add bounds checking to preven...

CVE-2026-40259

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model...

CVE-2026-23756 GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter Step Subject

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in ControllerStep.InsertSubmit and EditSubmit before being rendered by ViewStep.RenderViewSteps. An authenticated staff member can inject...

EUVD-2026-23860

SGLang's reranking endpoint /v1/rerank achieves Remote Code Execution RCE when a model file containing a malcious tokenizer.chattemplate is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment...

CVE-2026-5760

SGLang's reranking endpoint /v1/rerank achieves Remote Code Execution RCE when a model file containing a malcious tokenizer.chattemplate is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment...

OPENSUSE-SU-2026:20571-1 Security update for go1.26

This update for go1.26 fixes the following issues: - Update to version go1.26.2 bsc1255111. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. - CVE-2026-27144:...

CVE-2026-6600

The CVE affects langflow-ai langflow up to version 1.8.3, targeting the Frontend React component rendering path in src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx. A manipulation can lead to cross-site scripting (XSS); the attack may be launched remotel...