
2103 matches found

RedHat Linux
added yesterday, 4 views

Important: Red Hat Security Advisory: OpenShift Virtualization v4.17 Images

Red Hat OpenShift Virtualization release v4.17 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

CVSS 7.7, AI score 5.8, EPSS 0.00419
Exploits: 0, References: 2
EUVD
added yesterday, 5 views

EUVD-2026-38276

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API. Mattermost Advisory ID: MMSA-2026-00669...

CVSS 3.8, AI score 6
Exploits: 0, References: 1
EUVD
added 2 days ago, 6 views

EUVD-2026-38179

Craft CMS versions = 5.0.0-RC1, = 4.0.0-RC1, = 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce per-asset view authorization before returning preview content, allowing an authenticated low-privileged user to supply a controlled assetId for an...

CVSS 5.3, AI score 5.9
Exploits: 0, References: 3
NVD
added 4 days ago, 6 views

CVE-2026-48137

There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially...

CVSS 9.3
Exploits: 0, References: 2
Cvelist
added 4 days ago, 25 views

CVE-2026-9143 Incorrect Conversion between Numeric Types in NI grpc-device due to missing range checks in CodeGen

There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions...

CVSS 6.3
Exploits: 0, References: 2
Cvelist
added 4 days ago, 26 views

CVE-2026-48140 Unchecked enum cast vulnerability in NI grpc-device in BeginSidebandStream

There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message...

CVSS 7.1
Exploits: 0, References: 2
CVE
added 4 days ago, 14 views

CVE-2026-49871

The CVE-2026-49871 entry describes a CSRF vulnerability in the cas-auth plugin under default configurations, affecting Apache APISIX releases 3.0.0 through 3.16.0. A remote attacker who can lure a victim to a controlled webpage can cause the victim’s browser to be authenticated as a different ide...

CVSS 2.1, AI score 5.9
Exploits: 0, References: 2
EUVD
added 4 days ago, 8 views

EUVD-2026-38015

Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. This issue affects Apache APISIX: from 2.14.1 through 3.16.0. Users are recommended to upgrad...

CVSS 5.3, AI score 5.9
Exploits: 0, References: 1
NVD
added 5 days ago, 10 views

CVE-2026-44942

A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content...

CVSS 6.5, EPSS 0.00498
Exploits: 0, References: 2
NVD
added 6 days ago, 5 views

CVE-2025-69162

Unauthenticated Local File Inclusion in Grecko <= 5.17 versions...

CVSS 8.1, EPSS 0.00435
Exploits: 0, References: 1
NVD
added 6 days ago, 6 views

CVE-2026-46884

Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM component: Marketing. Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel Apps - Marketing. Successful attac...

CVSS 9.8, EPSS 0.00473
Exploits: 0, References: 1
Cvelist
added last week, 19 views

CVE-2025-69162 WordPress Grecko theme <= 5.17 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Grecko <= 5.17 versions...

CVSS 8.1, EPSS 0.00435
Exploits: 0, References: 1
Positive Technologies
added 2026/06/16 12:0 a.m., 6 views

PT-2026-50025

Name of the Vulnerable Software and Affected Versions: Oracle Siebel CRM Siebel CRM Cloud Applications versions 17.0 through 26.5. Description: An issue exists in the Siebel Cloud Manager component of Oracle Siebel CRM Cloud Applications. An unauthenticated attacker with network access via HTTP can...

CVSS 9.8, AI score 5.8, EPSS 0.00473
Exploits: 0, References: 3
Android Security Bulletins
added 2026/06/16 12:0 a.m., 7 views

Android 17 Security Release Notes

This Android Security Release Notes contains details of security vulnerabilities affecting Android devices which are addressed as part of Android 17. Android 17 devices with a security patch level of 2026-07-01 or later are protected against these issues. Android 17, as released on AOSP, will have...

CVSS 10, AI score 6.2, EPSS 0.00353
Exploits: 0
Cvelist
added 2026/06/15 8:19 p.m., 27 views

CVE-2026-52702 WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in SEO Redirection <= 9.17 versions...

CVSS 7.1, EPSS 0.00149
Exploits: 0, References: 1
EUVD
added 2026/06/15 8:19 p.m., 8 views

EUVD-2026-37003

Unauthenticated Cross Site Scripting XSS in SEO Redirection <= 9.17 versions...

CVSS 7.1, AI score 5.1, EPSS 0.00149
Exploits: 0, References: 1
Vulnrichment
added 2026/06/15 8:19 p.m., 8 views

CVE-2026-52702 WordPress SEO Redirection plugin <= 9.17 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in SEO Redirection <= 9.17 versions...

CVSS 7.1, AI score 5.1, EPSS 0.00149
Exploits: 0, References: 1
CVE
added 2026/06/15 8:19 p.m., 13 views

CVE-2026-52702

CVE-2026-52702 affects the WordPress plugin “SEO Redirection” (versions ≤ 9.17). The vulnerability is an unauthenticated Cross Site Scripting (XSS) flaw reported in multiple sources. The connected documents identify the affected product and version range and confirm an XSS impact but do not provi...

CVSS 7.1, AI score 5.1, EPSS 0.00149
Exploits: 0, References: 1
Positive Technologies
added 2026/06/15 12:0 a.m., 9 views

PT-2026-49392

Unauthenticated Cross Site Scripting XSS in Paid Member Subscriptions = 2.17.3 versions...

CVSS 7.1, AI score 5.1, EPSS 0.00175
Exploits: 0, References: 2
Positive Technologies
added 2026/06/15 12:0 a.m., 8 views

PT-2026-49524

Unauthenticated Cross Site Scripting XSS in SEO Redirection <= 9.17 versions...

CVSS 7.1, AI score 5.1, EPSS 0.00149
Exploits: 0, References: 2