13 matches found
CVE-2026-42860
The CVE-2026-42860 issue affects Open edX Openedx Enterprise Service (edx-enterprise). From 7.0.2 through 7.0.4, the sync_provider_data endpoint retrieves SAML metadata from a URL stored in SAMLProviderConfig.metadata_source. An authenticated Enterprise Admin can PATCH this field to an arbitrary ...
phpVMS has an /importer authorization bypass causing full database wipe
Security Advisory: Unauthenticated Access to Legacy Import Feature. Severity: Critical. Affected versions: phpVMS 7.x up to 7.0.5. Fixed in: v7.0.6. Component: Legacy importer. Summary: A critical vulnerability in phpVMS 7.x allowed unauthenticated access to a legacy import feature. Although this featu...
CVE-2026-7705
A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function setiptvinfo of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has...
CVE-2025-67705
creationtimestamp| type| source
---|---|---
2026-01-01 00:36:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mbd56v7z2r2c
2026-01-02 18:51:10+00:00| seen| Telegram/jewkuyTggD2PWaKrabPFdcCxroyUzLRM-AR1O-LdmNxSvc...
Suricata security breach
Suricata is a suite of network intrusion detection systems (IDS), intrusion prevention systems (IPS), and network security monitoring engines developed by the Open Information Security Foundation (OISF) and its supporting vendors, which supports multi-threading, built-in IPv6, and the ability to load...
DEBIAN-CVE-2024-32663
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19...
Suricata security vulnerability
Suricata is a suite of network Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and network security monitoring engines developed by the Open Information Security Foundation (OISF) and its supporting vendors, which supports multi-threading, built-in IPv6, and the ability to load...
SUSE CVE-2016-4072
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c...
Couchbase Server security vulnerability
Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server versions prior to 6.6.6, 7.x through 7.0.5, and 7.1.x through 7.1....
CVE-2022-34092
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php...
i3geo cross-site scripting vulnerability
i3geo is a saladesituacao open source application for developing interactive web maps. A security vulnerability exists in Portal do Software Publico Brasileiro i3geo version v7.0.5, which originates from a security issue in the svg2img.php file...
i3geo cross-site scripting vulnerability
i3geo is a saladesituacao open source application for developing interactive web maps. A security vulnerability exists in Portal do Software Publico Brasileiro i3geo version v7.0.5, which originates from the presence of XSS in accesstoken.php...
IBM UrbanCode Deploy Information Disclosure Vulnerability (CNVD-2020-24013)
IBM UrbanCode Deploy (UCD) is a set of application deployment automation tools from IBM in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different environments, su...