CVE-2026-29054

Traefik is an HTTP reverse proxy and load balancer. From version 2.11.9 to 2.11.37 and from version 3.1.3 to 3.6.8, there is a potential vulnerability in Traefik managing the Connection header with X-Forwarded headers. When Traefik processes HTTP/1.1 requests, the protection put in place to preve...

CVE-2026-28209

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech TTS engine in the recordings module. This issue has been patched in versions 16.0.20...

CVE-2026-28223

Wagtail (Django-based CMS) contains a stored XSS in the wagtail.contrib.simple_translation module. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, a user with admin access may craft a page title that, when another user runs the Translate action, executes arbitrary JavaScript in that user’s cont...

CVE-2026-25921

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to be maliciously overwritten by malicious attackers. This issue has been patched in version 0.14.2...

EUVD-2026-9846

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

ROOT-OS-DEBIAN-13-CVE-2026-25796 CVE-2026-25796 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-25796 in the rootio-imagemagick package for Root:Debian:13. Multiple fixed versions available...

ROOT-OS-DEBIAN-13-CVE-2026-26066 CVE-2026-26066 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-26066 in the rootio-imagemagick package for Root:Debian:13. Multiple fixed versions available...

CVE-2026-29052

The Calendar module for HumHub enables users to create one-time or recurring events, manage attendee invitations, and efficiently track all scheduled activities. Prior to version 1.8.11, a Stored Cross-Site Scripting XSS vulnerability in the Event Types of the HumHub Calendar module impacts users...

CVE-2026-29053

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

CVE-2026-29053 Ghost Vulnerable to Remote Code Execution via Malicious Themes

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

AZL-79431 CVE-2026-3381 affecting package qt5-qtbase 5.12.11-19

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for...

TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution

Impact This is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an...

PT-2026-23505

Name of the Vulnerable Software and Affected Versions The Graph versions prior to 3.0.0 Description A flaw exists in the token vesting contracts of The Graph protocol. This issue allows users to access tokens before they are released according to their vesting schedule. The problem was addressed...

PT-2026-23508

Name of the Vulnerable Software and Affected Versions Frappe versions prior to 15.98.0 Frappe versions prior to 14.100.0 Description Frappe is a full-stack web application framework. A flaw exists due to insufficient validation during document sharing, potentially allowing a user to share a...

SUSE SLES15 Security Update : kernel (Live Patch 31 for SUSE Linux Enterprise 15 SP5) (SUSE-SU-2026:0731-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0731-1 advisory. This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.124 fixes various security issues The following security issues were fixed: ...

openSUSE Security Advisory (SUSE-SU-2026:0777-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-66024

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting XSS via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper...

Dark Reader gives users the ability to request style sheets from local web servers

Description Dark Reader versions prior to 4.9.117 included a behavior where a website could request a style sheet from a locally running web server, for example http://localhost:8080/style.css, If an address was available and returned a text/css content type. Patches The problem was fixed in...

Security update for libxslt

This update for libxslt fixes the following issues: CVE-2025-10911: use-after-free will be fixed on libxml2 side instead bsc1250553. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.50 bug fix and security update

Red Hat OpenShift Container Platform release 4.17.50 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...