13 matches found
PT-2026-25542
A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manipulation results in cross-site scripting. Remote exploitation of the attack is possible. There are...
CVE-2026-27471 ERP: Document access through endpoints due to missing validation
ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed for unauthorized document access. This issue has been fixed in versions 15.98.1 and 16.6.1...
CVE-2026-22601 OpenProject is Vulnerable to Code Execution in E-Mail function
OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary commands by configuring the sendmail binary path and sending a test email. This issue has been patched in version 16.6.2...
EUVD-2023-57555
Malicious code in bioql PyPI...
BIT-GITLAB-2023-4658 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the Allowed to merge permission as a guest user, when granted t...
GitLab Enterprise Edition Security Vulnerability
GitLab Enterprise Edition (EE) is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition Premium, Ultimate 16.4.3, 16.5.3, and 16.6.1 versions, which stems from a project that uses subgroups to define who can push or merge in...
Input validation
Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3, allows an attacker to execute JavaScript in a victim's browser...
CVE-2023-3964
Removed by vendor...
CVE-2023-6033
Removed by vendor...
Apple Safari Security Update (HT213930)
Apple Safari is prone to a code execution vulnerability...
ZeroDay vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed two ZeroDay vulnerabilities in iOS and iPadOS. A malicious person could exploit the vulnerabilities to execute arbitrary code as a user of the system. Successful exploitation requires the malicious party to trick the victim into opening a rogue image, or opening ...
PT-2021-6612 · Node.Js +7
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 16.6.1; Node.js versions prior to 14.17.5; Node.js versions prior to 12.22.5. Description: The issue is related to a use-after-free attack, where an attacker might exploit memory corruption to change process behavior...