CVE-2026-12781

A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the library epmntdrv.sys of the component Kernel Driver. The manipulation leads to improper access controls. The attack needs to be performed locally. The exploit is publicly...

Astra Linux – Vulnerability in ffmpeg5

When decoding an OpenEXR file that uses DWAA or DWAB compression, there is an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy operation will loop at positions 0 and 1, continuing to write until a multiple of 8 i...

n8n: Credential Exfiltration via Permission Bypass

Impact A member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to cross-user credential access. This issue affects instances where workflow sharing i...

EUVD-2026-36672

A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The affected element is the function IOCtlHandler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is...

Exploit for Improper Handling of Length Parameter Inconsistency in Mongodb

CVE-2025-14847-mongobleed CVE-2025-14847 mongobleed python fil...

CVE-2026-50633

The CVE-2026-50633 issue is a JNDI Injection vulnerability in Apache CXF’s JCA integration module (DispatchMDBMessageListenerImpl). The vulnerability allows code execution when an attacker can manipulate the JCA deployment descriptor (ra.xml) or runtime activation parameters. Affected software is...

NULL Pointer Dereference

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient access controls on the API endpoints handling unlisted questions. An attacker can retrieve sensitive content, including unlisted questions, their answers, comments, and revision history, by...

EUVD-2026-35368

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and i...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.20 CNF IBU extras update

An update for ibu components is available for Red Hat OpenShift Container Platform 4.20. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the extra ibu container...

EulerOS Virtualization 2.12.0 : python-pip (EulerOS-SA-2026-2111)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in...

CVE-2026-29220

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

SUSE CVE-2026-45155

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add unknown circles by their ID directly to other circles. Since circle IDs have 62^15 complexity by...

TencentOS Server 4: squid (TSSA-2026:0346)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0346 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

EUVD-2026-33964

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

EUVD-2026-33842

Kiteworks is a private data network PDN. Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global...

CVE-2026-4392 TeamSpeak 3 Server clientek Handshake assertion

A vulnerability was detected in TeamSpeak 3 Server up to 3.13.7. This issue affects some unknown processing of the component clientek Handshake Handler. Performing a manipulation of the argument proof results in reachable assertion. Remote exploitation of the attack is possible. Upgrading to...

CVE-2026-9581 JeecgBoot add access control

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

CVE-2026-44417 Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE)

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

PT-2026-42754

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...