Moderate Photon OS Security Update - PHSA-2026-4.0-1020

Updates of 'curl' packages of Photon OS have been released...

EUVD-2026-30662

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the channel webhook create/update flow accepts arbitrary profileimageurl values, including data:image/svg+xml;base64,... payloads. The profile image endpoint then decodes and serves...

CVE-2026-44376

CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnerability exists in the CubeCart v6.x search feature. Due to a logic flaw in classes/catalogue.class.php, user input is reflected without sanitization only when a search returns exactly one product...

Incorrect Authorization

Clerk is vulnerable to Incorrect Authorization. The vulnerability is due to improper request matching in createRouteMatcher, which allows an attacker to craft requests that bypass middleware protection and access downstream handlers...

CVE-2021-47967

PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, o...

CVE-2021-47966 PHP Timeclock 1.04 SQL Injection via login.php

PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the loginuserid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...

CVE-2026-44641 Microsoft APM: plugin.json component paths escape plugin root and copy arbitrary host files during install

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but...

BELL-CVE-2026-42926 CVE-2026-42926 does not affect BellSoft software

Bulletin has no description...

BELL-CVE-2026-40460

Bulletin has no description...

CVE-2026-41552

PDF Export Module used in DHTMLX’s Gantt and Scheduler is vulnerable to path traversal due to insufficient HTML sanitization. An unauthenticated user could craft a payload that references local server files and renders them in the generated PDF. The issue is fixed in PDF Export Module version 0.7...

RHSA-2026:17689 Red Hat Security Advisory: firefox security update

Bulletin has no description...

Multiple vulnerabilities in "Musetheque V4 Information Disclosure for IPKNOWLEDGE"

Overview Musetheque V4 Information Disclosure for IPKNOWLEDGE provided by Fujitsu Japan Limited contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2026-24662 Cross-site request forgery CWE-352 - CVE-2026-28761 Nozomi Iimura, Sho Odagiri of GMO Cybersecurity by Ierae...

BlueNoteMKVI PHP Timeclock 跨站脚本漏洞

BlueNoteMKVI PHP Timeclock is an employee attendance and working hours recording system developed by BlueNoteMKVI company, based on PHP and MySQL. Version 1.04 of PHP Timeclock contains a cross-site scripting vulnerability. This vulnerability stems from multiple cross-site scripting issues,...

CVE-2025-67031

ORSEE Online Recruitment System for Economic Experiments 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field configurations accept values beginning with the prefix "func:" which are passed directly into an eval...

Cisco Catalyst SD-WAN Controller Authentication Bypass (cisco-sa-sdwan-rpa2-v69WY2SW)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an...

Exposure of Sensitive Information Through Environmental Variables

Overview utcp-cli is an UTCP communication protocol plugin for wrapping local command-line tools. Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Environmental Variables via the prepareenvironment function. An attacker can access and exfiltrate...

Improper Authorization

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Improper Authorization via the bypassfilter parameter in the HTTP query string, which is unintentionally exposed in the route handler. An attacker can gain unauthorized access to restricted models by appendin...

CVE-2026-24000

Fleet is open source device management software. Prior to version 4.80.1, Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authenticated and unauthenticated clients to spoof their apparent IP address and bypass per-IP rate limitin...

UBUNTU-CVE-2026-43907

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGBBufferSizeInternal in DPXColorConverter.cpp leads to a heap-based out-of-bounds write when...

CVE-2026-44637 libsixel: integer overflow in parser

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixeldecoderawimpl. context-posx grows by repeatcount on every sixel character wit...