CVE-2025-15619

Technical details about CVE-2025-15619 are not publicly available in the provided documents. No affected products, versions, or remediation are specified. Monitor for updates.

EUVD-2025-210310

HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario...

Astra Linux – Vulnerability in Ruby 2.5

REXML is an XML toolkit for Ruby. The REXML gem before version 3.3.2 had some DoS vulnerabilities when parsing XML that contained many special characters, such as whitespace characters, , , and . The REXML gem versions 3.3.3 or later include patches to fix these vulnerabilities...

Astra Linux – Vulnerability in Squid

A issue was discovered in Squid 4.x before 4.15, and in 5.x before 5.0.6. If a remote server sends a certain response header via HTTP or HTTPS, it can lead to a denial of service. This header can potentially appear in legitimate network traffic...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: x86/amdnb: The function amdgetmmconfigrange uses rdmsrsafe, which should not be used without proper safeguards. Xen does not provide the MSRFAM10HMMIOCONFbase to all guests. This results in the following warning: Unchecked MSR...

CVE-2026-54362 MISP template builder exposes non-visible custom galaxies across organisations

An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...

CVE-2026-44743

Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application...

CVE-2026-47921

Acrobat Reader is affected by a Use After Free (CWE-416) in versions 24.001.30365, 26.001.21651 and earlier, potentially allowing arbitrary code execution in the context of the current user. Exploitation requires user interaction (opening a malicious file). Root cause is use-after-free in the aff...

CVE-2026-47911 Acrobat Reader | Out-of-bounds Write (CWE-787)

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

EUVD-2026-35793

A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges...

CVE-2026-44743

Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application...

EUVD-2026-35280

Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application...

PT-2026-47531

Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application...

PT-2026-47466

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description An integer overflow exists in libyuv. This issue allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape by using a specially...

CVE-2026-11206

A policy bypass flaw was found in the ServiceWorker component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505427216...

Unbreakable Enterprise kernel security update

6.12.0-203.76.7.3 - arm64: errata: Mitigate TLBI errata on various Arm CPUs Mark Rutland Orabug: 39017589 CVE-2025-10263 - arm64: tlb: Add ARM64WORKAROUNDREPEATTLBISYNC Mark Rutland Orabug: 39017589 - arm64: tlb: allow XZR argument to TLBI ops Mark Rutland Orabug: 39017589 - arm64: cputype: Add...

CVE-2026-37711

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/actionsaddupdatedelete.inc.php...

CVE-2026-0204

A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions...

CVE-2025-41011

HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specificcustomer', ussing 'startdateformatted' y 'enddateformatted'...

CVE-2026-6888

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...