
932 matches found

EUVD
added 2026/05/27 2:13 p.m., 8 views

EUVD-2026-32514

Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-specified URL...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00021
Exploits: 0, References: 1
CVE
added 2026/05/27 2:13 p.m., 13 views

CVE-2026-48923

Jenkins AppSpider Plugin 1.0.17 and earlier is affected by a permission-check bypass in a form-validation method. The issue allows attackers with Overall/Read permissions to connect to an attacker-specified URL, enabling potential external requests from the plugin context. The affected component ...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00021
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2026/05/27 9:49 a.m., 6 views

EUVD-2026-32183

Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded allows Input Data Manipulation. This issue affects Ads by WPQuads: from n/a through = 3.0.2...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00068
Exploits: 0, References: 1
OSV
added 2026/05/18 1:28 p.m., 1 views

CLEANSTART-2026-VT65447 Security fixes for CVE-2025-11579, CVE-2026-21726, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-32281, CVE-2026-32283, CVE-2026-32287, CVE-2026-33186, CVE-2026-33762, CVE-2026-33810, CVE-2026-34040, CVE-2026-34165, CVE-2026-34986, CVE-2026-39882, CVE-2026-39883, CVE-2026-41506, CVE-2026-41602, ghsa-37cx-329c-33x3, ghsa-3xc5-wrhm-f963, ghsa-497x-rrr9-68jp, ghsa-6g7g-w4f8-9c9x, ghsa-fw7p-63qq-7hpr, ghsa-w8rr-5gcm-pp58, ghsa-wf45-q9ch-q8gh, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.13.2-r0, 1.14.1-r0, 1.14.2-r0, 1.14.2-r1, 1.15.1-r1, 1.16.0-r0

Multiple security vulnerabilities affect the grafana-alloy package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS: 9.1, AI score: 7, EPSS: 0.00075
Exploits: 5, References: 45
Positive Technologies
added 2026/05/14 12:0 a.m., 8 views

PT-2026-40978

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server 2016 affected versions not specified Microsoft Exchange Server 2019 affected versions not specified Microsoft Exchange Server Subscription Edition affected versions not specified Description An issue exists in the...

CVSS: 9.4, AI score: 6.2, EPSS: 0.07856
Exploits: 1, References: 224
Debian CVE
added 2026/05/08 2:22 p.m., 6 views

CVE-2026-43429

In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Use usb_bulk_msg_killable with user-specified timeouts The usbtmc driver accepts timeout values specified by the user in an ioctl command, and uses these timeouts for some usb_bulk_msg calls. Since the user can specify...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00013
Exploits: 0
Tenable Nessus
added 2026/04/13 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-40394

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a workspace overflow denial of service daemon panic for certain amounts of prefetche...

CVSS: 7.5, AI score: 6.1, EPSS: 0.0006
Exploits: 0, References: 2
OSV
added 2026/03/27 12:11 p.m., 4 views

BIT-GITLAB-2025-13078 Improper Validation of Specified Quantity in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configurati...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00029
Exploits: 0, References: 4
Positive Technologies
added 2026/03/27 12:0 a.m., 2 views

PT-2026-28440

Name of the Vulnerable Software and Affected Versions BUFFALO Wi-Fi router products affected versions not specified Description A code injection issue exists in BUFFALO Wi-Fi router products. Successful exploitation of this issue could allow for the execution of arbitrary code on affected devices...

CVSS: 8.8, AI score: 6.3, EPSS: 0.00053
Exploits: 0, References: 5
Positive Technologies
added 2026/03/26 12:0 a.m., 3 views

PT-2026-28294

Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description The software is susceptible to a weak password policy, which simplifies unauthorized access to user accounts by enabling attackers to guess passwords or employ brute-force methods...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00023
Exploits: 0, References: 3
OSV
added 2026/03/23 6:16 p.m., 1 views

GO-2026-4778 Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets in github.com/juju/juju

Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets in github.com/juju/juju...

CVSS: 6.6, AI score: 5.8, EPSS: 0.0006
Exploits: 1, References: 3
Tenable Nessus
added 2026/03/23 12:0 a.m., 4 views

Siemens APE1808 Incorrect Provision of Specified Functionality (CVE-2025-58325)

An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands. This plugin only works with...

CVSS: 8.2, AI score: 6.1, EPSS: 0.00021
Exploits: 0, References: 2
EUVD
added 2026/03/11 6:30 p.m., 2 views

EUVD-2025-208574

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause a denial of service condition due to improper input validation on webhook custom header names under...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00094
Exploits: 0, References: 4
Positive Technologies
added 2026/02/08 12:0 a.m., 4 views

PT-2026-7015

Name of the Vulnerable Software and Affected Versions Great Developers Certificate Generation System affected versions not specified Description A security issue exists in Great Developers Certificate Generation System. The issue involves unrestricted upload due to manipulation of the file...

CVSS: 6.5, AI score: 5.4, EPSS: 0.00014
Exploits: 1, References: 6
Positive Technologies
added 2026/02/06 12:0 a.m., 3 views

PT-2026-6780

Name of the Vulnerable Software and Affected Versions Tanium Client affected versions not specified Description Tanium Client is subject to a denial of service condition. The vulnerability allows for a denial of service. Recommendations At the moment, there is no information about a newer version...

CVSS: 3.3, AI score: 5.5, EPSS: 0.00019
Exploits: 0, References: 4
Positive Technologies
added 2026/02/05 12:0 a.m., 1 views

PT-2026-6624

Name of the Vulnerable Software and Affected Versions Tanium Discover affected versions not specified Description Tanium Discover was found to have an incorrect default permissions setting. This could potentially allow unauthorized access or modification of data. Recommendations At the moment,...

CVSS: 6.5, AI score: 5.5, EPSS: 0.00013
Exploits: 0, References: 4
Positive Technologies
added 2026/02/05 12:0 a.m., 3 views

PT-2026-6619

Name of the Vulnerable Software and Affected Versions Tanium Threat Response affected versions not specified Description Tanium Threat Response contains an information disclosure issue. The vulnerability allows for the potential exposure of information. Recommendations At the moment, there is no...

CVSS: 4.3, AI score: 5.3, EPSS: 0.00015
Exploits: 0, References: 4
Positive Technologies
added 2026/02/05 12:0 a.m., 3 views

PT-2026-6604

Name of the Vulnerable Software and Affected Versions Tanium Interact affected versions not specified Description Tanium Interact was found to have improper access controls. This allows unauthorized access to resources. Recommendations At the moment, there is no information about a newer version...

CVSS: 3.1, AI score: 5.5, EPSS: 0.00014
Exploits: 0, References: 3
Vulnrichment
added 2026/02/02 2:0 a.m., 2 views

CVE-2025-13348

An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update...

CVSS: 8.5, AI score: 5.7, EPSS: 0.00024
Exploits: 0, References: 1
CVE
added 2026/02/02 2:0 a.m., 11 views

CVE-2025-13348

Summary : CVE-2025-13348 describes an improper access control vulnerability in the ASUS Secure Delete Driver of ASUS Business Manager. A local attacker can trigger it with a crafted request, potentially enabling creation of arbitrary files in a specified path. This is tied to ASUS Security Adviso...

CVSS: 8.5, AI score: 6, EPSS: 0.00024
Exploits: 0, References: 1