CVE-2026-1577

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...

CVE-2026-3345 Path Traversal and Arbitrary File Write Vulnerability in IBM Langflow Desktop API v2 File Upload Endpoint

IBM Langflow Desktop =1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVE-2026-35569

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related fields SEO Title and Meta Description, where user-controlled input is rendered without proper output encoding into HTML contexts includin...

EUVD-2025-209597

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radiusaddress POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can...

Vuln2Secure-A-Secure-Software-Design-Testing-Framework

No d...

EUVD-2026-26390

Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0...

EUVD-2026-26389

Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0...

CVE-2026-7402

Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 before VMYR3.5.2025117...

EUVD-2026-26372

Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 before VMYR3.5.2025117...

CVE-2026-7402 Improper Rate Limiting in MeWare Software's PDKS

Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 before VMYR3.5.2025117...

CVE-2026-7399

CVE-2026-7399 describes an authorization bypass via a user-controlled key in MeWare Software Development Inc. PDKS, enabling privilege abuse. Affected: PDKS versions from V16.20200313 up to before VMYR_3.5.2025117. The vulnerability is classified with CVSS 3.1 base score 8.1 (High), with attack v...

EUVD-2026-26371

Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse. This issue affects PDKS: from V16.20200313 before VMYR3.5.2025117...

EUVD-2026-26370

Exposure of Sensitive Information to an Unauthorized Actor, Exposure of private personal information to an unauthorized actor vulnerability in MeWare Software Development Inc. PDKS allows Excavation. This issue affects PDKS: from V16.20200313 before VMYR3.5.2025117...

CVE-2026-7382

Technical details for CVE-2026-7382 are not publicly provided in the supplied documents; they only note an information disclosure in MeWare PDKS with a version range, with no specifics on components, root cause, impact, or remediation.

Security Bulletin: IBM Maximo Application Suite uses axios-1.12.2.tgz which is vulnerable to CVE-2026-25639.

Summary IBM Maximo Application Suite uses axios-1.12.2.tgz which is vulnerable to CVE-2026-25639. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.j...

MAL-2026-3198 Malicious code in timecurrently (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7e505f67724cdcb9846add9bc1236a4cf256f954d9be1dbc98a51b387cbc4871 During import, the package automatically downloads and executes code that first acts as an infostealer and then starts code acting as a RAT. It connects with a...

UBUNTU-CVE-2026-5408

BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

UBUNTU-CVE-2026-7375

UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

CVE-2026-7447

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/updatecustomer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out...

CVE-2026-7447 SourceCodester Pet Grooming Management Software update_customer.php sql injection

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/updatecustomer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out...