
242231 matches found

ATTACKERKB
added 2026/06/18 1:47 p.m. | 6 views

CVE-2026-42490

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

CVSS 6.5 | AI score 5.2 | EPSS 0.002
Exploits: 0 | References: 2
EUVD
added 2026/06/18 1:47 p.m. | 8 views

EUVD-2026-37890

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

CVSS 6.5 | AI score 5.3 | EPSS 0.002
Exploits: 0 | References: 1
Debian CVE
added 2026/06/18 1:47 p.m. | 9 views

CVE-2026-42489

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

CVSS 5.3 | AI score 5.3 | EPSS 0.00078
Exploits: 0
CVE
added 2026/06/18 1:47 p.m. | 18 views

CVE-2026-42490

CVE-2026-42490 : The supplied documents describe a vulnerability in Xen domctl lock handling. When XSM/Flask is in use, certain domctl operations acquire the system-wide lock before performing permission checks, meaning lock acquisition may occur ahead of authorization. The root cause is a non-fa...

CVSS 6.5 | AI score 5.2 | EPSS 0.002
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/18 11:21 a.m. | 9 views

CVE-2026-6040

A vulnerability was found in LibreOffice. If a user inadvertently opens a malicious OpenDocument Format (ODF) file, an attacker could execute unauthorized code and potentially gain full control of the system. Mitigation: Users should exercise caution and avoid opening untrusted OpenDocument Format O...

CVSS 7.3 | AI score 5.4 | EPSS 0.00118
Exploits: 0 | References: 4
OSV
added 2026/06/18 11:10 a.m. | 10 views

ROOT-OS-DEBIAN-12-CVE-2026-46520 CVE-2026-46520 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-46520 in the rootio-imagemagick package for Root:Debian:12. Multiple fixed versions available...

CVSS 7.5 | AI score 5.8 | EPSS 0.00324
Exploits: 0
ATTACKERKB
added 2026/06/18 10:58 a.m. | 5 views

CVE-2026-40457

A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...

CVSS 8.6 | AI score 5.3 | EPSS 0.00318
Exploits: 0 | References: 4
EUVD
added 2026/06/18 10:58 a.m. | 9 views

EUVD-2026-37876

A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an...

CVSS 8.6 | AI score 5.3 | EPSS 0.00318
Exploits: 0 | References: 3
EUVD
added 2026/06/18 10:58 a.m. | 8 views

EUVD-2026-37875

An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to the "exec" function without proper validation, allowing attackers to execute arbitrary operating system commands...

CVSS 8.6 | AI score 5.8 | EPSS 0.00947
Exploits: 0 | References: 3
CVE
added 2026/06/18 10:58 a.m. | 17 views

CVE-2026-40455

Affected software: LMS (LAN Management System). Vulnerability: SQL Injection in the tarifflist.php module caused by insufficient sanitization of the POST tg[] parameter; the code concatenates user-supplied array values into an SQL query using implode(). Impact / access: authenticated attackers ca...

CVSS 8.6 | AI score 5.8 | EPSS 0.00216
Exploits: 0 | References: 3
EUVD
added 2026/06/18 10:21 a.m. | 14 views

EUVD-2026-37872

claudiopizzillo PIAF-HMS PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5 contains multiple unauthenticated SQL injection vulnerabilities. The application has no authentication mechanism and passes user-supplied HTTP parameters...

CVSS 9.8 | AI score 5.8 | EPSS 0.00587
Exploits: 0 | References: 3
OSV
added 2026/06/18 8:34 a.m. | 4 views

MINI-W7CJ-CC2Q-JXF5

Bulletin has no description...

CVSS 9.1 | AI score 4.9 | EPSS 0.00373
Exploits: 0
Circl
added 2026/06/18 5:0 a.m. | 7 views

CVE-2026-40624

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-18 05:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-01 |
| 2026-06-19 04:03:30+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3momhk3tmue2g |
| 2026-06-19 05:01:02+00:00 | seen | ... |

CVSS 9.8 | AI score 5.8 | EPSS 0.00616
Exploits: 0 | References: 3
Wolfi
added 2026/06/18 2:16 a.m. | 10 views

CVE-2026-48523 vulnerabilities

Vulnerabilities for packages: superset, ggshield, datadog-agent, kserve...

CVSS 5.4 | AI score 5.8 | EPSS 0.00127
Exploits: 1
SUSE CVE
added 2026/06/18 1:59 a.m. | 7 views

SUSE CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

CVSS 4.2 | AI score 5.2 | EPSS 0.00153
Exploits: 0 | References: 3
Tenable Nessus
added 2026/06/18 12:0 a.m. | 3 views

Debian dla-4633 : fonts-opensymbol - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4633 advisory. Debian LTS Advisory DLA-4633-1...

CVSS 6.9 | AI score 6.2 | EPSS 0.00171
Exploits: 0 | References: 12
Positive Technologies
added 2026/06/18 12:0 a.m. | 18 views

PT-2026-50703

Name of the Vulnerable Software and Affected Versions: U.S. GAO Electronic Protest Docketing System (EPDS), affected versions not specified; U.S. CBCA Electronic Docketing System (EDS), affected versions not specified. Description: The U.S. Government Accountability Office (GAO) Electronic Protest Docketing...

CVSS 9.8 | AI score 5.9 | EPSS 0.00427
Exploits: 0 | References: 9
Positive Technologies
added 2026/06/18 12:0 a.m. | 10 views

PT-2026-50777

Name of the Vulnerable Software and Affected Versions: NILFS utilities versions prior to 2.3.1. Description: The nilfs_sb_is_valid function fails to validate the s_log_block_size field in the NILFS2 superblock before performing bit-shift operations. An attacker can provide crafted NILFS2 images to...

CVSS 6.7 | AI score 5.9 | EPSS 0.00105
Exploits: 0 | References: 5
Positive Technologies
added 2026/06/18 12:0 a.m. | 13 views

PT-2026-50658

Name of the Vulnerable Software and Affected Versions: ibaPDA, affected versions not specified; ibaDatCoordinator, affected versions not specified. Description: Remote, unauthenticated attackers can exploit a deserialization of untrusted data issue to achieve remote code execution, potentially gaining...

CVSS 9.8 | AI score 6.4 | EPSS 0.00553
Exploits: 0 | References: 4
Photon
added 2026/06/18 12:0 a.m. | 11 views

Critical Photon OS Security Update - PHSA-2026-5.0-0886

Updates of 'samba-client', 'nano', 'libsolv' packages of Photon OS have been released...

CVSS 9.8 | AI score 5.8 | EPSS 0.12797
Exploits: 7