30368 matches found

OSV
added 2026/03/06 3:32 a.m., 3 views

CVE-2025-59544 Chamilo: Unauthorized access to update category of any user

Chamilo is a learning management system. Prior to version 1.11.34, the functionality for a user to update their category does not implement authorization checks on the "categoryid" parameter, which allows users to update the category of any user by replacing the "categoryid" parameter. This issue...

CVSS 6.9, AI score 5.7, EPSS 0.00167
Exploits 0, References 4
OSV
added 2026/03/06 2:51 a.m., 6 views

CVE-2026-28497 TinyWeb: Integer Overflow in `_Val` (HTTP Request Smuggling)

TinyWeb is an HTTP/HTTPS web server written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP request smuggling. This can le...

CVSS 9.3, AI score 5.9, EPSS 0.00467
Exploits 1, References 4
EUVD
added 2026/03/06 2:48 a.m., 3 views

EUVD-2026-9967

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip...

CVSS 6.5, AI score 5.8, EPSS 0.0026
Exploits 0, References 2
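The MarkUs entry describes extraction with no size or entry-count limits, which is the precondition for a zip bomb or a disk-filling upload. The following is an added example, not MarkUs code, of what bounded extraction looks like: it caps the entry count, rejects paths that escape the destination, uses the declared compression ratio as a cheap pre-filter, and then enforces the real byte cap on what the decompressor actually produces, since the sizes in the central directory are under the uploader's control. The archives are constructed in memory for the demo; `safe_extract`, `build_zip` and `demo` are names chosen here.

```python
import io
import tempfile
import zipfile
from pathlib import Path


class ZipLimitExceeded(Exception):
    """Raised when an archive violates one of the extraction limits."""


def safe_extract(zip_bytes, dest, *, max_entries=1000,
                 max_total_bytes=100 * 1024 * 1024, max_ratio=100):
    """Extract an in-memory zip into dest under entry-count, size and ratio limits.

    Returns the number of bytes written. Limits are enforced on bytes actually
    decompressed, not only on the sizes declared in the central directory
    (which the uploader controls), and every member path is confined to dest.
    """
    dest_root = Path(dest).resolve()
    written = 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        infos = zf.infolist()
        if len(infos) > max_entries:
            raise ZipLimitExceeded(f"too many entries: {len(infos)} > {max_entries}")
        for info in infos:
            # Refuse absolute paths and ../ traversal before touching the filesystem.
            target = (dest_root / info.filename).resolve()
            if target != dest_root and dest_root not in target.parents:
                raise ZipLimitExceeded(f"path escapes destination: {info.filename!r}")
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            # Declared compression ratio is a cheap first filter for zip bombs ...
            if info.compress_size and info.file_size / info.compress_size > max_ratio:
                raise ZipLimitExceeded(f"ratio too high: {info.filename!r}")
            target.parent.mkdir(parents=True, exist_ok=True)
            # ... but the hard bound is on what actually comes out of the decompressor.
            with zf.open(info) as src, open(target, "wb") as dst:
                while True:
                    chunk = src.read(64 * 1024)
                    if not chunk:
                        break
                    written += len(chunk)
                    if written > max_total_bytes:
                        raise ZipLimitExceeded(f"total size exceeded: > {max_total_bytes} bytes")
                    dst.write(chunk)
    return written


def build_zip(members):
    """Constructed sample input: an in-memory archive with the given name -> bytes members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def _outcome(zip_bytes, dest, **limits):
    """Demo helper: ('ok', bytes_written) or ('rejected', reason)."""
    try:
        return ("ok", safe_extract(zip_bytes, dest, **limits))
    except ZipLimitExceeded as exc:
        return ("rejected", str(exc).split(":")[0])


def demo():
    """Run the limits against constructed archives; returns the outcome of each case."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        results["benign"] = _outcome(
            build_zip({"notes/a.txt": b"hello", "b.txt": b"world"}), tmp)
        # 1 MiB of zeros deflates to about 1 KiB: a ratio far above 100.
        results["bomb"] = _outcome(build_zip({"big.bin": b"\0" * (1 << 20)}), tmp)
        results["too_many"] = _outcome(
            build_zip({f"f{i}.txt": b"x" for i in range(5)}), tmp, max_entries=3)
        results["traversal"] = _outcome(build_zip({"../evil.txt": b"pwn"}), tmp)
        # Ratio is fine here; the total-bytes cap is what fires.
        results["too_big"] = _outcome(
            build_zip({"a.txt": b"A" * 1000}), tmp, max_total_bytes=100, max_ratio=10**9)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:10} {outcome}")
```

On a rejection the destination may hold a partially written file, so callers should extract into a fresh temporary directory and discard it whenever `ZipLimitExceeded` is raised.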
EUVD
added 2026/03/06 2:48 a.m., 3 views

EUVD-2026-9968

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities (e.g., assignment settings). These YAML files are parsed with aliases enabled. This issue has been patch...

CVSS 4.9, AI score 5.8, EPSS 0.00284
Exploits 0, References 2
Positive Technologies
added 2026/03/06 12:00 a.m., 5 views

PT-2026-23731

Name of the Vulnerable Software and Affected Versions: TimescaleDB versions 2.23.0 through 2.25.1. Description: TimescaleDB is a time-series database that functions as a Postgres extension. A flaw exists where PostgreSQL's use of the search_path setting can allow a malicious user to create functions...

CVSS 8.8, AI score 6, EPSS 0.00136
Exploits 0, References 7
Positive Technologies
added 2026/03/06 12:00 a.m., 4 views

PT-2026-23726

Name of the Vulnerable Software and Affected Versions: Mesa versions prior to 3.5.1. Description: Mesa is a Python library used for agent-based modeling and simulating complex systems. A flaw exists where checking out untrusted code within the benchmarks.yml workflow could allow for code execution...

CVSS 9.8, AI score 6.2, EPSS 0.00295
Exploits 0, References 10
Positive Technologies
added 2026/03/06 12:00 a.m., 3 views

PT-2026-23639

Name of the Vulnerable Software and Affected Versions: Chartbrew versions prior to 4.8.4. Description: Chartbrew is a web application that connects to databases and APIs to create charts. Prior to version 4.8.4, the chart filter endpoint, `/project/:project_id/chart/:chart_id/filter`, lacks both...

CVSS 8.7, AI score 5.8, EPSS 0.0042
Exploits 1, References 7
Positive Technologies
added 2026/03/06 12:00 a.m., 5 views

PT-2026-23736

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.0, in non-debug mode Cryptomator might leak cleartext paths into the log file. This can reveal meta information about the files stored inside a vault at a time when the actual vault is closed. Not every...

CVSS 2.2, AI score 5.7, EPSS 0.00122
Exploits 0, References 2
Positive Technologies
added 2026/03/06 12:00 a.m., 4 views

PT-2026-23654

Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users commonly share path/pattern files, an attacker could share a file containing malicious code, which i...

CVSS 6.6, AI score 5.8, EPSS 0.00122
Exploits 0, References 2
Vulnrichment
added 2026/03/05 9:59 p.m., 2 views

CVE-2026-28481 OpenClaw < 2026.2.1 - Bearer Token Leakage via MS Teams Attachment Downloader Suffix Matching

OpenClaw versions 2026.1.30 and earlier contain an information disclosure vulnerability, patched in 2026.2.1, in the MS Teams attachment downloader (an optional extension that must be enabled) that leaks bearer tokens to allowlisted suffix domains. When retrying downloads after receiving 401 or 403...

CVSS 6.5, AI score 5.8, EPSS 0.0026
Exploits 0, References 3
NVD
added 2026/03/05 9:16 p.m., 5 views

CVE-2026-29077

Frappe is a full-stack web application framework. Prior to versions 15.98.0 and 14.100.0, due to a lack of validation when sharing documents, a user could share a document with a permission that they themselves didn't have. This issue has been patched in versions 15.98.0 and 14.100.0...

CVSS 7.1, EPSS 0.00193
Exploits 0, References 1
NVD
added 2026/03/05 9:16 p.m., 4 views

CVE-2026-28436

Frappe is a full-stack web application framework. Prior to versions 16.11.0 and 15.102.0, an attacker can set a crafted image URL that results in XSS when the avatar is displayed, and it can be triggered for other users via website page comments. This issue has been patched in versions 16.11.0 an...

CVSS 7.2, EPSS 0.00169
Exploits 0, References 1
NVD
added 2026/03/05 8:16 p.m., 4 views

CVE-2026-28222

Wagtail is an open source content management system built on Django. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a stored cross-site scripting (XSS) vulnerability exists when rendering TableBlock blocks within a StreamField. A user with access to create or edit pages containing TableBlock...

CVSS 6.1, EPSS 0.00418
Exploits 0, References 9
ATTACKERKB
added 2026/03/05 7:49 p.m., 3 views

CVE-2026-28348

lxml_html_clean is a project for HTML cleaning functionality copied from lxml.html.clean. Prior to version 0.4.4, the _has_sneaky_javascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...

CVSS 6.1, AI score 5.8, EPSS 0.00228
Exploits 1, References 3, Affected software 1
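The lxml_html_clean entry spells out the mechanism: deleting backslashes before the keyword check turns `@\69mport` into `@69mport`, which matches nothing, while a browser's CSS tokenizer decodes `\69` to `i` and sees `@import`. The following added example is not the library's code; it is a simplified model of the flawed ordering beside the hardened one, which decodes CSS escapes (per the CSS Syntax Level 3 escape rules) before looking for the keywords. The sample style values are constructed, and `naive_is_sneaky`, `hardened_is_sneaky` and `compare` are names chosen here.

```python
import re

# Keywords the advisory says the style filter looks for.
DANGEROUS = ("expression(", "@import")

# CSS escape (CSS Syntax Level 3, "consume an escaped code point"):
# backslash + 1-6 hex digits + one optional whitespace, or backslash + any other char.
CSS_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})[ \t\n\r\f]?|\\(.)", re.S)
WHITESPACE = re.compile(r"\s+")


def decode_css_escapes(style):
    """Decode CSS escapes the way a browser's tokenizer will, before any keyword check."""
    def repl(match):
        if match.group(1) is not None:
            cp = int(match.group(1), 16)
            # Null, surrogates and out-of-range code points decode to U+FFFD.
            if cp == 0 or cp > 0x10FFFF or 0xD800 <= cp <= 0xDFFF:
                return "\ufffd"
            return chr(cp)
        return match.group(2)
    return CSS_ESCAPE.sub(repl, style)


def naive_is_sneaky(style):
    """Flawed order (simplified model of the pattern the advisory describes):
    delete backslashes, collapse whitespace, then look for keywords."""
    s = WHITESPACE.sub("", style.replace("\\", "")).lower()
    return any(kw in s for kw in DANGEROUS)


def hardened_is_sneaky(style):
    """Decode escapes first so the check sees what the browser will see."""
    s = WHITESPACE.sub("", decode_css_escapes(style)).lower()
    return any(kw in s for kw in DANGEROUS)


# Constructed sample style attribute values.
SAMPLES = {
    "plain": "color: red; width: 10px",
    "overt_import": "@import url(https://attacker.example/x.css);",
    "escaped_import": r"@\69mport url(https://attacker.example/x.css);",  # \69 -> 'i'
    "escaped_expr": r"width: e\78 pression(alert(1))",  # \78 -> 'x', trailing space consumed
}


def compare(samples=SAMPLES):
    """Return {name: (naive_verdict, hardened_verdict)} for each sample."""
    return {name: (naive_is_sneaky(v), hardened_is_sneaky(v)) for name, v in samples.items()}


if __name__ == "__main__":
    for name, (naive, hardened) in compare().items():
        print(f"{name:15} naive={naive!s:5} hardened={hardened}")
```

Any other normalisation a cleaner performs (comment stripping, whitespace collapsing, scheme checks) should likewise run on the decoded text, because every one of them can be defeated by an escape that is only resolved at render time.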
NVD
added 2026/03/05 7:16 p.m., 6 views

CVE-2026-29054

Traefik is an HTTP reverse proxy and load balancer. From version 2.11.9 to 2.11.37 and from version 3.1.3 to 3.6.8, there is a potential vulnerability in Traefik managing the Connection header with X-Forwarded headers. When Traefik processes HTTP/1.1 requests, the protection put in place to preve...

CVSS 7.5, EPSS 0.0041
Exploits 0, References 3
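The Traefik entry concerns the interaction between the Connection header and the X-Forwarded-* headers a proxy asserts; the description is truncated and the Traefik code path is not shown on this page. The following added example is therefore a model of the general class, not Traefik's code: under RFC 7230 section 6.1 a proxy removes every header the client lists in Connection before forwarding, so if that removal runs after the proxy has overwritten X-Forwarded-For with the observed peer address, the client can name X-Forwarded-For in Connection and have the proxy delete its own assertion. The hardened version strips hop-by-hop headers first, never lets Connection reach the forwarded set, and only then writes the forwarded headers. The request and peer address are constructed; `forward_vulnerable` and `forward_hardened` are names chosen here.

```python
# Headers a reverse proxy asserts about the connection it received. A client must
# not be able to remove or smuggle these by naming them in its own Connection header.
FORWARDED_HEADERS = ("x-forwarded-for", "x-forwarded-host",
                     "x-forwarded-proto", "x-forwarded-port")


def connection_options(headers):
    """Lowercased header names listed in Connection (RFC 7230 section 6.1 hop-by-hop list)."""
    value = headers.get("connection", "")
    return {tok.strip().lower() for tok in value.split(",") if tok.strip()}


def strip_hop_by_hop(headers, names):
    """Remove Connection itself and every header it names, as a proxy must before forwarding."""
    return {k: v for k, v in headers.items() if k != "connection" and k not in names}


def forward_vulnerable(client_headers, peer_ip):
    """Protect first, strip hop-by-hop second: the client can name the protected header
    in Connection and have the proxy delete the value it just asserted."""
    h = {k.lower(): v for k, v in client_headers.items()}
    h["x-forwarded-for"] = peer_ip              # overwrite whatever the client claimed
    return strip_hop_by_hop(h, connection_options(h))


def forward_hardened(client_headers, peer_ip):
    """Strip hop-by-hop first, never let Connection touch X-Forwarded-*, then assert
    the forwarded headers from what the proxy itself observed."""
    h = {k.lower(): v for k, v in client_headers.items()}
    names = connection_options(h) - set(FORWARDED_HEADERS)
    h = strip_hop_by_hop(h, names)
    for name in FORWARDED_HEADERS:
        h.pop(name, None)                       # discard client-supplied forwarded headers
    h["x-forwarded-for"] = peer_ip
    return h


# Constructed request: the client both spoofs X-Forwarded-For and asks the proxy
# to treat that header as hop-by-hop.
CRAFTED_REQUEST = {
    "Host": "app.example",
    "Connection": "keep-alive, X-Forwarded-For",
    "X-Forwarded-For": "10.0.0.1",
}
PEER_IP = "203.0.113.7"


if __name__ == "__main__":
    print("vulnerable:", forward_vulnerable(CRAFTED_REQUEST, PEER_IP))
    print("hardened:  ", forward_hardened(CRAFTED_REQUEST, PEER_IP))
```

The backend behind the vulnerable ordering receives no X-Forwarded-For at all and will fall back to whatever default it applies, which is exactly the state the proxy's overwrite was meant to rule out.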
NVD
added 2026/03/05 7:16 p.m., 7 views

CVE-2026-28209

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech (TTS) engine in the recordings module. This issue has been patched in versions 16.0.20...

CVSS 7.5, EPSS 0.00886
Exploits 0, References 1
CVE
added 2026/03/05 6:56 p.m., 17 views

CVE-2026-28223

Wagtail (Django-based CMS) contains a stored XSS in the wagtail.contrib.simple_translation module. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a user with admin access may craft a page title that, when another user runs the Translate action, executes arbitrary JavaScript in that user’s cont...

CVSS 6.1, AI score 5.8, EPSS 0.00459
Exploits 0, References 9, Affected software 1
ATTACKERKB
added 2026/03/05 6:36 p.m., 4 views

CVE-2026-25921

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an LFS object could be overwritten across different repositories, enabling a supply-chain attack: all LFS objects could be maliciously overwritten by attackers. This issue has been patched in version 0.14.2...

CVSS 9.3, AI score 5.8, EPSS 0.00327
Exploits 1, References 5, Affected software 1
EUVD
added 2026/03/05 4:26 p.m., 2 views

EUVD-2026-9846

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

CVSS 4.3, AI score 5.8, EPSS 0.00209
Exploits 0, References 3
OSV
added 2026/03/05 12:33 p.m., 4 views

ROOT-OS-DEBIAN-13-CVE-2026-25796 CVE-2026-25796 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-25796 in the rootio-imagemagick package for Root:Debian:13. Multiple fixed versions available...

CVSS 7.5, AI score 5.9, EPSS 0.00376
Exploits 0