1713 matches found

RedhatCVE
added yesterday, 5 views

CVE-2026-9170

IBM HTTP Server 8.5, and 9.0...

CVSS: 9.8, AI score: 5.4, EPSS: 0.00065
Exploits: 0, References: 1

RedhatCVE
added yesterday, 4 views

CVE-2026-37709

Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...

CVSS: 9.8, AI score: 6, EPSS: 0.00281
Exploits: 0, References: 1

RedhatCVE
added yesterday, 4 views

CVE-2026-8852

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module modfastcgi module...

CVSS: 7.5, AI score: 5.4, EPSS: 0.00041
Exploits: 0, References: 1

Chainguard
added yesterday, 4 views

GHSA-75HH-423H-RVWG vulnerabilities

Vulnerabilities for packages: openjdk-25-openj9, openjdk-8-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk-11-openj9, openjdk-17-openj9...

AI score: 5.4
Exploits: 0

Chainguard
added yesterday, 3 views

GHSA-99RJ-3595-5FRJ vulnerabilities

Vulnerabilities for packages: openjdk-25-openj9, openjdk-8-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk-11-openj9, openjdk-17-openj9...

AI score: 5.4
Exploits: 0

RedhatCVE
added yesterday, 5 views

CVE-2026-8633

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request...

CVSS: 9.8, AI score: 6.3, EPSS: 0.0026
Exploits: 0, References: 1

Tenable Nessus
added yesterday, 1 view

Suricata 8.x < 8.0.5 Multiple Vulnerabilities

The version of OISF Suricata installed on the remote host is 8.x prior to 8.0.5. It is, therefore, affected by multiple vulnerabilities, including: - LDAP transaction state could store an unbounded number of responses. Because LDAP can be processed over UDP, crafted traffic may cause Suricata to...

AI score: 5.6
Exploits: 0, References: 10

Vulnrichment
added 5 days ago, 5 views

CVE-2026-9319 IBM WebSphere Application Server is affected by a remote code execution vulnerability

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security...

CVSS: 9, AI score: 6.5, EPSS: 0.00224
Exploits: 0, References: 1

CVE
added 5 days ago, 29 views

CVE-2026-9311

IBM WebSphere Application Server 9.0 and 8.5 are affected by a remote code execution vulnerability (CVE-2026-9311) caused by bypassing security controls. The IBM bulletin assigns CVSS v3.1 base score 9.0 (CRITICAL) with network attack vector, high attack complexity, no privileges required, and re...

CVSS: 9, AI score: 6.4, EPSS: 0.00262
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 5 days ago, 26 views

CVE-2026-8644 IBM WebSphere Application Server is affected by an identity spoofing vulnerability

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing...

CVSS: 9.1, EPSS: 0.00041
Exploits: 0, References: 1

EUVD
added 5 days ago, 7 views

EUVD-2026-33704

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attacker's link to log in via user OIDC. This issue has been patched in version 8.2.2...

CVSS: 3.3, AI score: 5.7, EPSS: 0.00022
Exploits: 0, References: 3

Vulnrichment
added 5 days ago, 6 views

CVE-2026-45278 Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses the attacker's link to log in via user OIDC. This issue has been patched in version 8.2.2...

CVSS: 3.3, AI score: 5.7, EPSS: 0.00022
Exploits: 0, References: 3

Cvelist
added 5 days ago, 37 views

CVE-2026-48187 Email with special content can lead to DoS

An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver. This issue affects OTRS: 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.4.X Please note that OTRS Community Edition 6.x,...

CVSS: 5.7, EPSS: 0.00034
Exploits: 0, References: 1

EUVD
added 5 days ago, 9 views

EUVD-2026-33550

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be enabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...

CVSS: 3.5, AI score: 5.8, EPSS: 0.00021
Exploits: 0, References: 1

Positive Technologies
added 5 days ago, 11 views

PT-2026-45528

Name of the Vulnerable Software and Affected Versions Nextcloud versions 1.3.6 through 8.3.x Description An improper check in the authentication process allows users provided by LDAP to continue authenticating via user OIDC even after they have been deleted. Recommendations Update to version 8.4....

CVSS: 8.8, AI score: 5.8, EPSS: 0.00039
Exploits: 0, References: 5

SUSE CVE
added 2026/05/29 1:20 a.m., 8 views

SUSE CVE-2026-45104

MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValues(psRule, psLayer, 1); for any carrying - it assumes msSLDParseRule added one class. When the rule has no symbolizer (a structurally valid SLD), msSLDParseRul...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00053
Exploits: 1, References: 3

CVE
added 2026/05/28 3:20 p.m., 23 views

CVE-2026-47761

Summary: CVE-2026-47761 is a stored XSS vulnerability in TinyMCE’s media plugin, triggered by crafted data-mce-* attributes during content rendering. Affected software: TinyMCE (open source rich text editor); affected version range prior to 5.11.1, 7.9.3, and 8.5.1. Root cause/Vector: Media plugi...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00032
Exploits: 0, References: 3, Affected Software: 1

RedhatCVE
added 2026/05/27 8:14 p.m., 8 views

CVE-2026-44833

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00013
Exploits: 0, References: 1

NVD
added 2026/05/26 8:16 p.m., 10 views

CVE-2026-44831

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting (XSS). This vulnerability is fixed in 8.4.1...

CVSS: 5.4, EPSS: 0.00013
Exploits: 0, References: 2

Cvelist
added 2026/05/26 7:29 p.m., 24 views

CVE-2026-44832 Snipe-IT: Privilege Escalation via API Permissions Assignment

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the...

CVSS: 7.1, EPSS: 0.00014
Exploits: 0, References: 2