EUVD-2026-19808

ChurchCRM is an open-source church management system. Prior to 7.1.0, the GroupPropsFormRowOps.php file contains a SQL injection vulnerability. User input in the Field parameter is directly inserted into SQL queries without proper sanitization. The mysqlirealescapestring function does not escape...

PYSEC-2026-124

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the safeextractall function in src/pyload/plugins/extractors/UnTar.py uses os.path.commonprefix for its path traversal check, which performs character-level string comparison rather than path-level...

Cybersecurity in the Age of Instant Software

AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: "instant software." Taken to an extreme, it might become easier for a user to have an AI write an application on demand--a spreadsheet, for...

CVE-2026-26027

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6...

CVE-2026-26263

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6...

CVE-2025-24819

Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...

EUVD-2026-19701

An issue that could allow access to Explorer groups from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L 4.4 Medium. This issue was fixed in...

CVE-2026-35571 Emissary has Stored XSS via Navigation Template Link Injection

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme validation. An administrator who could modify the navItems configuration could inject javascript:...

CVE-2025-24819 A Relative Path Traversal vulnerability in Nokia MantaRay NM

Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...

CVE-2025-24819

Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...

CVE-2025-24819

CVE-2025-24819 : Nokia MantaRay NM’s Software Manager is vulnerable to a Relative Path Traversal due to improper validation of input on the file system. The connected sources corroborate this description; however, no product version, affected component details, exploit information, or remediation...

CVE-2025-24819 A Relative Path Traversal vulnerability in Nokia MantaRay NM

Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.9.3 release.

Red Hat Developer Hub 1.9.3 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

opencryptoki security update

An update is available for opencryptoki. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The opencryptoki packages contain version 2.11 of the PKCS11 API,...

CVE-2024-43028

creationtimestamp| type| source ---|---|--- 2026-04-07 09:40:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mivicunecn2a 2026-04-07 10:00:56+00:00| seen| https://bsky.app/profile/potato.software/post/3mivjhz5lhn2n...

EUVD-2025-209255

Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT...

CVE-2025-65116

Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Deskt...

CVE-2025-65115

Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT...

CVE-2025-65116 Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 and JP1/NETM/DM

Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Deskt...

CVE-2025-65116

Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management - Manager on Windows, Job Management Partner 1/IT Deskt...