PT-2026-35429
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description An authenticated user with permissions to create or modify workflows can achieve global prototype pollution via the XML Node. Prototype...
GHSA-45FJ-FVMM-XCC5 Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability
In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team thanks minhnn42, namdi and quanlna2 from VCSLab-Viettel Cyber Security for...
CVE-2026-3452
Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to...
Concrete CMS Security Vulnerability
Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS prior to 9.4.8 contained a security vulnerability. This vulnerability stemmed from improper HTML encoding during the rendering of page names and content in the search block, which could le...
EUVD-2025-208262
IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1...
CVE-2025-47147
Cleartext Storage of Sensitive Information CWE-312 in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile...
PT-2026-22819
IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1...
CVE-2026-27824
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both remoteaddr and the X-Forwarded-For header. Since the X-Forwarded-For header i...
DEBIAN-CVE-2026-27810
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, an HTTP Response Header Injection vulnerability in the calibre Content Server allows any authenticated user to inject arbitrary HTTP headers into server responses via an...
Improper Authorization org.springframework:spring-core Dependency in Bitbucket Data Center and Server
This High severity Improper Authorization vulnerability was introduced in version 8.19.0 and 9.4.0 of Bitbucket Data Center and Server. This Improper Authorization vulnerability, with a CVSS Score of 7.5, allows an attacker to potentially perform actions to circumvent authorization checks, which...
Bdtask Pharmacy Management System Security Vulnerability
Bdtask Pharmacy Management System is a pharmacy management system from Bdtask Bangladesh. A security vulnerability exists in Bdtask Pharmacy Management System version 9.4 and earlier, which stems from an incorrect manipulation of the file /user/edituser, which could lead to authorization bypass...
EUVD-2025-30903
Malicious code in bioql PyPI...
CVE-2025-11005 TOTOLINK X6000R Unauthenticated Command Injection Vulnerability
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in TOTOLINK X6000R allows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1458B20250708...
CVE-2025-11005
The CVE-2025-11005 issue affects TOTOLINK X6000R, where OS Command Injection arises from improper neutralization of special elements in user input. Affected versions: X6000R up to and including V9.4.0cu.1458_B20250708. Root cause: failure to properly filter special elements allows an attacker to ...
PT-2025-39313
Name of the Vulnerable Software and Affected Versions TOTOLINK X6000R versions through V9.4.0cu.1360 B20241207 Description The software contains an improper input validation issue that can lead to command injection and file manipulation. The vulnerability exists due to insufficient validation of...
CVE-2025-34046
An unauthenticated file upload vulnerability exists in the Fanwei E-Office = v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly validates uploaded files when invoked with certain parameters uploadType=eofficelogo or...
SAS Studio Security Vulnerability
SAS Studio is a Web browser-based programming environment from SAS. A security vulnerability exists in SAS Studio version 9.4. A remote attacker can exploit the vulnerability to execute arbitrary SQL commands via a POST body request...
Scriptcase Path Traversal Vulnerability
Scriptcase is a low-code platform for rapid application development from Scriptcase, Inc. A path traversal vulnerability exists in Scriptcase version 9.4.019 that stems from improper parameter handling and allows an unauthenticated remote user to bypass SecurityManager's expected restrictions and...
NetApp ONTAP Security Vulnerability
NetApp ONTAP is a proprietary operating system from Network Appliance NetApp, Inc. It is used for storage disk arrays. A security vulnerability exists in NetApp ONTAP 9.4 and later versions that stems from the presence of a sensitive information disclosure vulnerability...
TOTOLINK X6000R Security Breach
TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK X6000R version V9.4.0cu.852B20230719, which stems from the presence of a command execution vulnerability...