p11-kit security update

An update is available for p11-kit. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The p11-kit packages provide a mechanism to manage PKCS11 modules. The...

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor 2.362.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the SAML service provider’s failure to validate the...

PT-2026-43262

A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-40638

Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges...

PT-2026-40029

Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges...

CVE-2026-6796 Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file

A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function loglogin of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext...

PT-2026-30809

Cross-Site Request Forgery CSRF vulnerability in Analytify Simple Social Media Share Buttons allows Cross Site Request Forgery.This issue affects Simple Social Media Share Buttons: from n/a through 6.2.0...

EUVD-2025-208897

A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...

CVE-2025-62844

A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...

CVE-2026-22735

CVE-2026-22735 affects Spring MVC and Spring WebFlux applications via Server-Sent Events (SSE) stream handling. Concrete details in the connected documents show impact on Spring Framework components: Spring Foundation versions 5.3.0–5.3.46, 6.1.0–6.1.25, 6.2.0–6.2.16, and 7.0.0–7.0.5 experience s...

CVE-2026-22735

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

org.apache.activemq.tooling:activemq-maven-plugin (=6.2.0), org.apache.activemq:activemq-osgi (=6.2.0) +4 more potentially affected by CVE-2025-66168 +1 more via org.apache.activemq:activemq-all (=6.2.0)

org.apache.activemq:activemq-all MAVEN version =6.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.activemq:activemq-all and may be impacted: - org.apache.activemq.tooling:activemq-maven-plugin =6.2.0 - org.apache.activemq:activemq-osgi...

CVE-2026-26989

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting XSS vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser...

WordPress plugin WP Plugin Info Card 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable to Information Disclosure (CVE-2025-36002)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure vulnerability Vulnerability Details CVEID:CVE-2025-36002 DESCRIPTION: IBM Sterling B2B Integrator stores user credentials in configuration files which can be read by a local user...

Das Parking Management System SQL注入漏洞

Das Parking Management System is a parking management system from Das Corporation. A SQL injection vulnerability exists in Das Parking Management System version 6.2.0, which is caused by incorrect manipulation of the parameter vehicleTypeCode in the file /vehicle/search...

CVE-2024-49808

IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to bypass access restrictions...

Security update for pcp

This update for pcp fixes the following issues: CVE-2024-45770: Fixed pmpost symlink attack allowing escalating pcp to root user bsc1230552. CVE-2024-45769: Fixed pmcd heap corruption through metric pmstore operations bsc1230551. CVE-2024-3019: Fixed exposure of the redis backend server allowing...

CVE-2024-45089

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an observable discrepancy...

app.valuationcontrol:library (>=0.5.2 <=0.5.6), app.valuationcontrol:webservice (>=0.5.0 <=0.5.1) +2196 more potentially affected by CVE-2024-38827 via org.springframework.security:spring-security-core (>=6.2.0 <=6.2.7)

org.springframework.security:spring-security-core MAVEN version =6.2.0, =0.5.2, =0.5.0, =7.0.0, =1.0.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.6, =1.0.31 and more Source cves: CVE-2024-38827 Source advisory: OSV:GHSA-Q3V6-HM2V-PW99...