276186 matches found
EUVD-2026-14967
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.2, password reset tokens in Wallos never expire. The passwordresets table includes a createdat timestamp column, but the token validation logic never checks it. A password reset token remains valid...
CVE-2026-33473
Vikunja is an open-source self-hosted task management platform. Starting in version 0.13 and prior to version 2.2.1, any user that has enabled 2FA can have their TOTP reused during the standard 30 second validity window. Version 2.2.1 patches the issue...
Malicious code in nodecognivault (npm)
Source: amazon-inspector 7709482c6e8d04dee2a9310780eff8f0f31cb64800273088f08a5cd1a8570c0a The package nodecognivault was found to contain malicious code...
MAL-2026-2359 Malicious code in env-embed (npm)
Source: amazon-inspector fb6e9ae149bf8b69194b4ae8fea78a4f31cbd1c01a9f65a188c063380b5c1d34 The package env-embed was found to contain malicious code...
Malicious code in deriv_ppetest (npm)
Source: amazon-inspector 61958a4979f72a02b66fa1076fda768ab5e13ecb3f565e75e3c2fdce8ae7f4e3 The package deriv_ppetest was found to contain malicious code...
CVE-2019-25630
PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image upload endpoint. Attackers can upload PHP files through the imgFile parameter to the...
CVE-2019-25644 WinMPG Video Convert 9.3.5 Buffer Overflow Local Denial of Service
WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Attackers can paste a large payload of 6000 bytes into the Name and Registration Code field to trigge...
CVE-2026-4739
A flaw was found in InsightSoftwareConsortium ITK, specifically within its Expat modules. This integer overflow or wraparound vulnerability can be exploited by a remote attacker without requiring authentication. Successful exploitation could lead to arbitrary code execution, allowing the attacker...
RHSA-2026:5436 Red Hat Security Advisory: gimp:2.8 security update
Bulletin has no description...
RHSA-2026:5389 Red Hat Security Advisory: gimp security update
Bulletin has no description...
CVE-2026-33252
A flaw was found in the Go MCP SDK's Streamable HTTP transport, which uses Go's standard encoding/json package. In deployments without authorization, a remote attacker can exploit this Cross-Site Request Forgery (CSRF) vulnerability. By sending browser-generated cross-site POST requests to a local...
EUVD-2026-14742
Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information...
EUVD-2026-14707
Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK Modules/ThirdParty/Expat/src/expat modules. This issue affects ITK: before 2.7.1...
EUVD-2026-14740
Vitals ESP developed by Galaxy Software Services has an Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges...
BELL-CVE-2026-33210 CVE-2026-33210 does not affect BellSoft software
Bulletin has no description...
CVE-2026-4639
Vitals ESP developed by Galaxy Software Services has an Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges...
CVE-2026-4640
Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information...
CVE-2026-4640 Galaxy Software Services|Vitals ESP - Missing Authentication
Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information...