
342 matches found

Nuclei
added 2 days ago | 7 views

Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through...

CVSS 9.8 | AI score 6 | EPSS 0.90935
Exploits: 1 | References: 4
ATTACKERKB
added 6 days ago | 4 views

CVE-2025-14042

The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Project Details' custom field in Portfolio Items in all versions up to, and including, 13.4.1. This is due to insufficient input sanitization and output escaping on...

CVSS 6.4 | AI score 6 | EPSS 0.00024
Exploits: 0 | References: 3
RedHat Linux
added 2026/05/20 8:32 a.m. | 7 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

CVSS 7.5 | AI score 7.2 | EPSS 0.00019
Exploits: 0 | References: 8
OSV
added 2026/05/13 7:17 p.m. | 2 views

UBUNTU-CVE-2026-42577

Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final, Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100...

CVSS 7.5 | AI score 5.8 | EPSS 0.00051
Exploits: 0 | References: 5
RedHat Linux
added 2026/05/13 8:8 a.m. | 6 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

CVSS 7.5 | AI score 7.2 | EPSS 0.00019
Exploits: 0 | References: 8
NVD
added 2026/05/12 5:16 p.m. | 4 views

CVE-2026-20717

Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result...

CVSS 6.9 | EPSS 0.00016
Exploits: 0 | References: 1
Fedora
added 2026/05/10 3:23 a.m. | 7 views

[SECURITY] Fedora 42 Update: prosody-13.0.5-1.fc42

Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...

CVSS 7.5 | AI score 5.8 | EPSS 0.00077
Exploits: 0
Debian CVE
added 2026/05/01 12:0 a.m. | 6 views

CVE-2026-43001

An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

CVSS 8 | AI score 5.8 | EPSS 0.00018
Exploits: 1
ATTACKERKB
added 2026/04/21 8:35 p.m. | 3 views

CVE-2026-34279

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Event Management. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...

CVSS 9.1 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/04/16 9:17 p.m. | 1 views

CVE-2026-34164 Valtimo: Sensitive data exposure through inbox message logging in InboxHandlingService

Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data PII, citizen identifier...

CVSS 4.9 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 5
Fedora
added 2026/04/03 5:4 p.m. | 3 views

[SECURITY] Fedora 42 Update: python3.13-3.13.12-2.fc42

Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...

CVSS 7 | AI score 6 | EPSS 0.00015
Exploits: 0
Tenable Nessus
added 2026/04/01 12:0 a.m. | 3 views

Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1522)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1522 advisory. Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword...

CVSS 6.5 | AI score 7.3 | EPSS 0.00023
Exploits: 0 | References: 4
CVE
added 2026/03/25 4:14 p.m. | 6 views

CVE-2026-32491

The CVE-2026-32491 entry covers a Cross-Site Scripting (XSS) vulnerability in the WordPress plugin WP Review Slider, specifically the wp-facebook-reviews component. Affected versions are WP Review Slider up to and including 13.9 (older than or equal to 13.9). The issue arises from improper neutra...

CVSS 6.5 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/25 4:14 p.m. | 2 views

CVE-2026-32491 WordPress WP Review Slider plugin <= 13.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS. This issue affects WP Review Slider: from n/a through <= 13.9...

CVSS 6.5 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/25 4:14 p.m. | 3 views

CVE-2026-32491

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS. This issue affects WP Review Slider: from n/a through <= 13.9...

AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/25 4:14 p.m. | 0 views

CVE-2026-25357 WordPress Ultimate Membership Pro plugin <= 13.7 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro allows Authentication Abuse. This issue affects Ultimate Membership Pro: from n/a through <= 13.7...

CVSS 8.1 | AI score 5.8 | EPSS 0.001
Exploits: 0 | References: 1
CVE
added 2026/03/25 4:14 p.m. | 3 views

CVE-2026-25357

CVE-2026-25357 describes an authentication bypass in azzaroco Ultimate Membership Pro (indeed-membership-pro) for WordPress, allowing authentication abuse via an alternate path or channel. The issue affects versions n/a through 13.7; CVSSv3.1 base score 8.1 (HIGH) with NETWORK attack vector, LOW ...

CVSS 8.1 | AI score 5.8 | EPSS 0.001
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/25 12:0 a.m. | 1 views

PT-2026-27918

Name of the Vulnerable Software and Affected Versions: azzaroco Ultimate Membership Pro versions n/a through 13.7. Description: An authentication bypass issue exists in azzaroco Ultimate Membership Pro indeed-membership-pro, allowing for authentication abuse. The issue involves using an alternate pa...

CVSS 8.1 | AI score 5.9 | EPSS 0.001
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/19 12:0 a.m. | 1 views

PT-2026-26287

We're not migrating to Veeam B&R 13.0.1 until the end of the year, as Veeam B&R is supported until 01 Feb 2027, and we're not fond of adopting applications before a couple of version releases have been made. We noticed Action1 appears to be incorrectly assigning CVEs affecting Veeam B&R 13.0.1.x...

CVSS 9.9 | AI score 5.8 | EPSS 0.00451
Exploits: 0 | References: 1
OSV
added 2026/03/13 10:18 a.m. | 2 views

RHSA-2026:4504 Red Hat Security Advisory: postgresql:13 security update

Bulletin has no description...

CVSS 8.8 | AI score 5.7 | EPSS 0.00059
Exploits: 3 | References: 18