30236 matches found
EUVD-2025-208173
Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "First Name", and "Username" fields. It allows...
CVE-2025-50187
Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in version 1.11.28...
PT-2026-22633
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password reset flow did not revoke existing refresh tokens, allowing an attacker with a previously stolen refresh token to continue minting valid JWTs after the victim resets their password. This issue has be...
PT-2026-22631
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality. This issue has been patched in version 0.301.3...
Android XR Bulletin—March 2026
The XR Security Bulletin contains details of security vulnerabilities affecting the XR platform. The full XR update comprises the security patch level of 2026-03-05 or later from the March 2026 Android Security Bulletin in addition to all issues in this bulletin. We encourage all customers to...
Security update for haproxy (moderate)
openSUSE security update: security update for haproxy. Announcement ID: openSUSE-SU-2026:20290-1. Rating: moderate. References: bsc1257521 bsc1257976. Cross-References: CVE-2026-26080 CVE-2026-26081. CVSS scores: CVE-2026-26080 SUSE: 7.5...
PT-2026-22560
Name of the Vulnerable Software and Affected Versions: MediaTek chips (affected versions not specified). Description: A logic error in the preloader component allows the reading of device unique identifiers. This can lead to local information disclosure if an attacker has physical access to the device...
Exploit for CVE-2026-3395
CVE‑2026‑3395 — MaxSite CMS Unauthenticated Remote Code Execut...
EUVD-2026-9130
A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editormarkitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a manipulation can lead to code injection. It is possible to launch the attack...
CVE-2026-28219
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...
CVE-2026-28271 Kiteworks Core is vulnerable to Server-Side Request Forgery (SSRF)
Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version...
OPENSUSE-SU-2026:20283-1 Security update for libsoup2
This update for libsoup2 fixes the following issues: - CVE-2026-1761: incorrect length calculation when parsing multipart HTTP responses can lead to a stack-based buffer overflow (bsc1257598)...
CVE-2026-3293
A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...
EUVD-2026-8989
A flaw has been found in libvips 8.19.0. This vulnerability affects the function vips_unpremultiply_build of the file libvips/conversion/unpremultiply.c. Executing a manipulation of the argument alpha_band can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been...
EUVD-2026-8990
A vulnerability has been found in libvips 8.19.0. This issue affects the function vips_extract_band_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_band leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed to th...
CVE-2026-3282
A flaw has been found in libvips 8.19.0. This vulnerability affects the function vips_unpremultiply_build of the file libvips/conversion/unpremultiply.c. Executing a manipulation of the argument alpha_band can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been...
UBUNTU-CVE-2026-3281
A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit is now publ...
PT-2026-22288
A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be...
PT-2026-22396
Name of the Vulnerable Software and Affected Versions: Kiteworks versions prior to 9.2.0. Description: Kiteworks Email Protection Gateway contains a flaw that allows authenticated administrators to inject malicious scripts through a configuration interface. These scripts execute when users interact...