
48 matches found

RedhatCVE
added 2026/06/05 7:14 p.m., 7 views

CVE-2026-40108

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in ITIL costs. This issue has been fixed in version 11.0.7...

CVSS 7.1, AI score 5.3, EPSS 0.00268
Exploits: 0, References: 1

EUVD
added 2026/06/02 6:32 p.m., 10 views

EUVD-2026-34006

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7...

CVSS 8.4, AI score 5.8, EPSS 0.00417
Exploits: 0, References: 4

CNNVD
added 2026/06/02 12:00 a.m., 3 views

GLPI cross-site scripting vulnerability

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases for managing various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

CVSS 8.4, AI score 4.9, EPSS 0.00417
Exploits: 0, References: 4

UbuntuCve
added 2026/05/19 12:16 a.m., 6 views

CVE-2026-32312

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue has been fixed in version 11.0.7...

CVSS 5.1, AI score 5.7, EPSS 0.00217
Exploits: 0, References: 3

EUVD
added 2026/04/23 12:31 a.m., 4 views

EUVD-2026-25135

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 uses weaker than expected cryptographic algorithms that could allow an...

CVSS 6.5, AI score 5.7, EPSS 0.00145
Exploits: 0, References: 2

Vulnrichment
added 2026/04/22 11:38 p.m., 3 views

CVE-2026-5926 Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 uses weaker than expected cryptographic algorithms that could allow an...

CVSS 6.5, AI score 5.7, EPSS 0.00145
Exploits: 0, References: 1

EUVD
added 2026/04/06 2:39 p.m., 3 views

EUVD-2026-19249

GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the logs export feature. This vulnerability is fixed in 10.0.24 and 11.0.6...

CVSS 7.2, AI score 5.9, EPSS 0.00388
Exploits: 0, References: 1

Cvelist
added 2026/03/17 11:16 p.m., 31 views

CVE-2026-25937 GLPI has an MFA bypass

GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...

CVSS 6.5, EPSS 0.00292
Exploits: 0, References: 1

NVD
added 2026/02/21 7:16 a.m., 10 views

CVE-2026-27452

ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER). In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6...

CVSS 9.2, EPSS 0.0026
Exploits: 0, References: 1

Positive Technologies
added 2026/01/22 12:00 a.m., 4 views

PT-2026-4107

Name of the Vulnerable Software and Affected Versions: jegtheme JNews - Pay Writer versions through 11.0.0. Description: A flaw exists in jegtheme JNews - Pay Writer that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue potentially...

AI score 5.5, EPSS 0.00397
Exploits: 0, References: 3

Vulnrichment
added 2026/01/15 4:25 p.m., 4 views

CVE-2025-66417 GLPI has an unauthenticated SQL injection through the inventory endpoint

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3...

CVSS 7.5, AI score 7.6, EPSS 0.00436
Exploits: 1, References: 1

CNNVD
added 2025/12/30 12:00 a.m., 2 views

PHPEMS race condition vulnerability

PHPEMS is a PHP online practice exam system. A race condition vulnerability exists in PHPEMS version 11.0 and earlier, which stems from a race condition in the Coupon Handler component that could lead to a race condition attack...

CVSS 3.1, AI score 4.3, EPSS 0.00207
Exploits: 1, References: 4

CNNVD
added 2025/12/15 12:00 a.m., 1 view

Newgen OmniDocs security vulnerability

Newgen OmniDocs is an enterprise content management suite from Newgen, Inc. A security vulnerability exists in Newgen OmniDocs version v11.0 that stems from an unauthenticated feature-level authorization breach that could lead to access to sensitive information and account takeover...

CVSS 8.2, AI score 6.5, EPSS 0.00256
Exploits: 1, References: 2

CVE
added 2025/12/11 8:13 a.m., 11 views

CVE-2025-64701

CVE-2025-64701 affects QualitySoft QND (Premium/Advance/Standard) versions 11.0.9i and earlier. The root cause is a privilege escalation vulnerability that could allow a user who can log in to a Windows system running the affected product to obtain administrator privileges, with potential access/...

CVSS 8.5, AI score 7.8, EPSS 0.00112
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2025-25649

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.6, EPSS 0.00377
Exploits: 1, References: 4

Vulnrichment
added 2025/09/26 2:20 p.m., 3 views

CVE-2025-36326 IBM Controller information disclosure

IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies...

CVSS 3.7, AI score 6, EPSS 0.00213
Exploits: 0, References: 1

OSV
added 2025/08/25 1:46 p.m., 0 views

SUSE-SU-2025:02979-1 Security update for tomcat11

This update for tomcat11 fixes the following issues: Updated to Tomcat 11.0.9 - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of multipart upload bsc1246388 - CVE-2025-53506: Fixed uncontrolled resource HTTP/2 client consumption vulnerability bsc1246318...

CVSS 7.5, AI score 7.1, EPSS 0.03163
Exploits: 0, References: 6

OSV
added 2025/08/12 9:15 p.m., 2 views

CVE-2025-54190

Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 5.5, AI score 5.8, EPSS 0.00189
Exploits: 0, References: 1

CNNVD
added 2024/05/20 12:00 a.m., 3 views

json-schema-ref-parser security vulnerability

json-schema-ref-parser is an open source library from API Dev Tools in the United States. A security vulnerability exists in versions v.11.0.0 and v.11.1.0 of json-schema-ref-parser, which stems from a vulnerability that allows an attacker to manipulate an object's prototype by passing specially...

CVSS 8.1, AI score 6.6, EPSS 0.00798
Exploits: 0, References: 2

CNNVD
added 2023/06/15 12:00 a.m., 5 views

Bosch Video Management System security vulnerability

Bosch Video Management System is a video management system from Bosch, Germany. A security vulnerability exists in Bosch Video Management System, which stems from improper authorization of the SSH server, allowing an authenticated attacker to access resources on the internal network via port...

CVSS 7.7, AI score 7.4, EPSS 0.00459
Exploits: 0, References: 2