
8003 matches found

Kaspersky
added 2026/03/24 12:0 a.m., 5 views

KLA90956 Multiple vulnerabilities in Mozilla Thunderbird ESR

Multiple vulnerabilities were found in Mozilla Thunderbird ESR. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, bypass security restrictions, cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of...

CVSS: 10, AI score: 7.2, EPSS: 0.00676
Exploits: 0, References: 4
OSV
added 2026/03/23 3:30 p.m., 1 views

GHSA-HJ7X-HMF2-HC2P Harbor allows the use of the default password for web UI login

Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI...

CVSS: 9.4, AI score: 5.8, EPSS: 0.00498
Exploits: 0, References: 6
NVD
added 2026/03/23 3:16 p.m., 4 views

CVE-2026-4404

Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI...

CVSS: 9.4, EPSS: 0.00498
Exploits: 0, References: 5
Cvelist
added 2026/03/23 2:47 p.m., 20 views

CVE-2026-4404 Use of hard coded credentials in GoHarbor Harbor

Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI...

EPSS: 0.00498
Exploits: 0, References: 4
ATTACKERKB
added 2026/03/23 2:47 p.m., 2 views

CVE-2026-4404

Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI...

CVSS: 9.4, AI score: 5.8, EPSS: 0.00498
Exploits: 0, References: 5, Affected Software: 1
EUVD
added 2026/03/23 2:47 p.m., 2 views

EUVD-2026-14455

Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI...

CVSS: 9.4, AI score: 5.8, EPSS: 0.00498
Exploits: 0, References: 4
Vulnrichment
added 2026/03/23 2:47 p.m., 1 views

CVE-2026-4404 Use of hard coded credentials in GoHarbor Harbor

Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI...

AI score: 5.8, EPSS: 0.00498
Exploits: 0, References: 4
Positive Technologies
added 2026/03/23 12:0 a.m., 16 views

PT-2026-27137

Name of the Vulnerable Software and Affected Versions: GoHarbor versions prior to 2.15.0. Description: The use of hard-coded credentials in GoHarbor allows attackers to use the default password and gain access to the web user interface. Recommendations: Update GoHarbor to version 2.15.0 or later...

CVSS: 9.4, AI score: 5.8, EPSS: 0.00498
Exploits: 0, References: 17
CVE
added 2026/03/21 12:42 a.m., 15 views

CVE-2026-32057

OpenClaw shows an authentication bypass in the trusted-proxy Control UI pairing mechanism. Affected: OpenClaw versions prior to 2026.2.25. Root cause: the control-ui client identifier (client.id=control-ui) is accepted without proper device identity verification, allowing an authenticated node-ro...

CVSS: 8.1, AI score: 5.9, EPSS: 0.00335
Exploits: 0, References: 3, Affected Software: 1
CNNVD
added 2026/03/21 12:0 a.m., 5 views

OpenClaw security vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.25 contained security vulnerabilities. These vulnerabilities stemmed from an authentication bypass vulnerability in the Control UI pairing mechanism, which could allow...

CVSS: 8.1, AI score: 5.9, EPSS: 0.00335
Exploits: 0, References: 3
OSV
added 2026/03/20 9:42 a.m., 3 views

CLSA-2026-1773999754 Fix CVE(s): CVE-2026-25898

SECURITY UPDATE: global buffer overflow read via negative pixel index in UIL and XPM image encoders - debian/patches/CVE-2026-25898.patch: clamp negative pixel index values to zero in WriteUILImage, WritePICONImage, and WriteXPMImage before using them as array subscripts into the Cixel table. -...

CVSS: 9.1, AI score: 7.1, EPSS: 0.00348
Exploits: 0, References: 1
SUSE CVE
added 2026/03/20 12:24 a.m., 2 views

SUSE CVE-2026-32632

Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...

CVSS: 5.9, AI score: 5.8, EPSS: 0.0016
Exploits: 1, References: 3
Vulnrichment
added 2026/03/20 12:0 a.m., 2 views

CVE-2025-63260

SyncFusion 30.1.37 is vulnerable to Cross Site Scripting XSS via the Document-Editor reply to comment field and Chat-UI Chat message...

AI score: 5.8, EPSS: 0.00165
Exploits: 1, References: 2
CNNVD
added 2026/03/20 12:0 a.m., 5 views

SyncFusion security vulnerability

SyncFusion is a set of enterprise-level UI component development tools provided by the American company SyncFusion. Version 30.1.37 of SyncFusion contains a security vulnerability. This vulnerability stems from the Document-Editor’s reply comment field and Chat-UI chat messages, and could lead to...

CVSS: 5.4, AI score: 5.6, EPSS: 0.00165
Exploits: 1, References: 2
Vulnrichment
added 2026/03/19 10:46 p.m., 1 views

CVE-2026-29099 SuiteCRM has Authenticated Blind SQL Injection in OutboundEmail Legacy Functionality.

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the retrieve function in include/OutboundEmail/OutboundEmail.php fails to properly neutralize the user controlled $id parameter. It is assumed that the...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00259
Exploits: 0, References: 2
EUVD
added 2026/03/19 10:7 p.m., 1 views

EUVD-2026-13316

OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker with leaked or...

CVSS: 6.8, AI score: 5.8, EPSS: 0.00381
Exploits: 0, References: 3
EUVD
added 2026/03/19 10:6 p.m., 4 views

EUVD-2026-13288

OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files...

CVSS: 4.8, AI score: 5.9, EPSS: 0.00131
Exploits: 0, References: 3
EUVD
added 2026/03/19 3:30 a.m., 2 views

EUVD-2025-208852

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...

CVSS: 5.4, AI score: 5.5, EPSS: 0.00136
Exploits: 0, References: 2
CVE
added 2026/03/19 1:55 a.m., 15 views

CVE-2025-15051

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting in the Web UI, allowing embedded JavaScript to alter functionality. The connected IBM security bulletin specifies CVE-2025-15051, with CWE-79, CVSS 3.1 base score 5.4 (UI: REQUIRED, AV:N, AC:L, PR:L; C/L/I...

CVSS: 5.4, AI score: 5.5, EPSS: 0.00136
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2026/03/19 1:55 a.m., 2 views

CVE-2026-1276 IBM QRadar SIEM Cross-Site Scripting

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS: 5.4, AI score: 5.5, EPSS: 0.00136
Exploits: 0, References: 1