20 matches found

Cvelist
added 2026/05/15 6:42 p.m.

CVE-2026-4053 post edit time limit is not enforced on some post update operations

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields, which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints...

CVSS 3.1, EPSS 0.00071
Exploits: 0, References: 1
EUVD
added 2026/05/12 3:31 a.m.

EUVD-2026-29363

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...

CVSS 4.3, AI score 5.8, EPSS 0.0001
Exploits: 0, References: 3
NVD
added 2026/05/12 3:16 a.m.

CVE-2026-40134

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...

CVSS 4.3, EPSS 0.0001
Exploits: 0, References: 2
RedhatCVE
added 2026/05/08 9:40 p.m.

CVE-2026-43389

A flaw was found in the memfdluo subsystem of the Linux kernel. When using memfd preservation with Live Update Operations (LUO), the kernel may incorrectly mark a memory page folio as clean even if it contains user data. This can lead to data loss, as the kernel might reclaim these 'dirty' folios...

CVSS 5.5, AI score 5.8, EPSS 0.00014
Exploits: 0, References: 4
NVD
added 2026/04/08 8:16 a.m.

CVE-2026-4330

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2sid' parameter belongs to...

CVSS 4.3, EPSS 0.00019
Exploits: 0, References: 16
Snyk
added 2026/03/19 6:37 p.m.

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure when applying isFilterable to sensitive data. By adding malicious uniqueness filters to the where clause of an update or delete operation, a user can infer the presence of specific values in records the user does no...

CVSS 4.3, AI score 5.8, EPSS 0.00062
Exploits: 0, References: 2
OSV
added 2026/03/05 10:16 p.m.

CVE-2026-28452

OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the extractArchive function within src/infra/archive.ts that allows attackers to consume excessive CPU, memory, and disk resources through high-expansion ZIP and TAR archives. Remote attackers can trigger resource...

CVSS 6.5, AI score 5.8
Exploits: 0, References: 4
Positive Technologies
added 2026/02/18 12:00 a.m.

PT-2026-23530

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.14; clawdbot versions prior to 2026.1.24-3. Description: The software contains a denial of service issue in the extractArchive function within src/infra/archive.ts. Attackers can provide maliciously crafted ZIP a...

CVSS 6.7, AI score 5.8, EPSS 0.00148
Exploits: 0, References: 9
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2024-33364

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.6, EPSS 0.00308
Exploits: 0, References: 2
RedhatCVE
added 2025/05/07 7:14 p.m.

CVE-2025-46720

Keystone is a content management system for Node.js. Prior to version 6.5.0, field.isFilterable access control can be bypassed in update and delete mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields...

CVSS 4.3, AI score 6.7, EPSS 0.00062
Exploits: 0, References: 1
Cvelist
added 2025/05/05 6:53 p.m.

CVE-2025-46720 Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields

Keystone is a content management system for Node.js. Prior to version 6.5.0, field.isFilterable access control can be bypassed in update and delete mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields...

CVSS 3.1, EPSS 0.00062
Exploits: 0, References: 1
OSV
added 2025/05/05 6:51 p.m.

GHSA-HG9M-67MM-7PG3 Keystone has an unintended `isFilterable` bypass that can be used as an oracle to match hidden fields

Summary: field.isFilterable access control can be bypassed in update and delete mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields. Specifically, when a mutation includes a where clause with multiple...

CVSS 3.1, AI score 6.6, EPSS 0.00062
Exploits: 0, References: 3
Mageia
added 2024/11/22 7:25 a.m.

Updated kanboard packages fix security vulnerability

In versions prior to 1.2.31 an authenticated user is able to perform a SQL injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations the code improperly uses the PicoDB library to update/insert new information...

CVSS 8.8, AI score 7.5, EPSS 0.00088
Exploits: 1, References: 2
NVD
added 2024/11/09 1:15 a.m.

CVE-2024-10953

An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of...

CVSS 5.3, EPSS 0.00308
Exploits: 0, References: 3
Vulnrichment
added 2024/11/09 12:42 a.m.

CVE-2024-10953 data.all authenticated users can perform mutating update operations on persisted notification records

An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of...

CVSS 5.3, AI score 6.7, EPSS 0.00308
Exploits: 0, References: 3
Github Security Blog
added 2024/10/08 10:21 p.m.

Improper Authorization in Select Permissions

Due to the order in which permissions were processed, some statements, filters and computations could lead to leaking field values or record contents to users without the required permissions. This behavior could be triggered in different scenarios: - When performing a SELECT operation on a table...

AI score 6.8
Exploits: 0, References: 13, Affected Software: 2
RedHat Linux
added 2024/08/19 5:12 a.m.

bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam

A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. This...

CVSS 7.5, AI score 5.8, EPSS 0.00282
Exploits: 0, References: 4
Positive Technologies
added 2023/07/05 12:00 a.m.

PT-2023-25704 · Kanboard +1

Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.31 Description: Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL Injection, leading to a privilege...

CVSS 8.8, AI score 7.6, EPSS 0.00088
Exploits: 1, References: 17
CNVD
added 2020/06/02 12:00 a.m.

Lexiglot Resource Management Error Vulnerability

Lexiglot is a translation platform written in PHP by the French software developer Damien Sorel. A resource management error vulnerability exists in Lexiglot 2014-11-20 and earlier versions, which stems from the fact that the api/update.php file uses a large amount of resources when performing sv...

CVSS 7.5, AI score 6.9, EPSS 0.00334
Exploits: 1, References: 1
NVD
added 2020/06/01 5:15 p.m.

CVE-2014-8937

Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources...

CVSS 7.5, AI score 7.5, EPSS 0.00334
Exploits: 1, References: 1