@adenta/cms (>=0.0.6 <=1.1.1-0), @ainsleydev/payload-helper (>=0.0.6 <=0.1.2) +23 more potentially affected by CVE-2026-25544 via @payloadcms/drizzle (>=3.0.0-beta.100 <=3.73.0-internal.783bc97)

@payloadcms/drizzle NPM version =3.0.0-beta.100, =0.0.6, =0.0.6, =3.22.1, =3.37.0, =1.0.0, =3.53.0, =3.61.1-2, =3.50.0-internal.ca62628, =3.0.0, =3.0.0, =3.0.0, =1.0.1, =1.0.2 and more Source cves: CVE-2026-25544 Source advisory: OSV:GHSA-XX6W-JXG9-2WH8...

CVE-2026-23624

GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patch...

CVE-2024-43181

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

CVE-2024-43181

IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...

CVE-2024-40685

IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery CSRF vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions...

CVE-2026-0945

Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0...

@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by CVE-2026-25115 via n8n (>=0.138.0 <=0.93.0)

n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: CVE-2026-25115 Source advisory: OSV:GHSA-8398-GMMX-564H...

CVE-2026-25122 apko is vulnerable to unbounded resource consumption in expandapk.Split on attacker-controlled .apk streams

apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copyio.Discard, gzi without explicit bounds. With an attacker-controlled input stream, this can force lar...

UBUNTU-CVE-2026-22044

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23...

UBUNTU-CVE-2026-22247

GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in version 11.0.5...

CVE-2026-21893

n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative permissions to execute arbitrary system...

CVE-2025-6596

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/portlets.Js, resources/skins.Vector.Legacy.Js/portlets.Js. This issue affects Vecto...

n8n 操作系统命令注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. In versions 0.187.0 to 1.120.3, there was a vulnerability related to operating system command injection. This vulnerability stemmed from the community package installation feature’s command injection capability, which coul...

PT-2026-5867

Name of the Vulnerable Software and Affected Versions IBM Concert versions 1.0.0 through 2.1.0 Description The software does not invalidate user sessions after logout. This could allow an authenticated user to impersonate another user on the system. Recommendations Update to a version later than...

apko 资源管理错误漏洞

Apko is an open-source OCI image builder based on APK. In versions 0.14.8 to 1.1.0 of Apko, there was a resource management vulnerability. This vulnerability stemmed from the expandapk.Split function, which did not set clear boundaries when processing APK archives, potentially leading to resource...

apko 安全漏洞

Apko is an open-source OCI image builder based on APK. Versions of Apko from 0.14.8 to 1.1.1 contained security vulnerabilities. These vulnerabilities stemmed from a path traversal vulnerability in the dirFS file system abstraction layer, which could lead to the creation of directories or symboli...

CVE-2025-33081

IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user...

CVE-2025-33081

IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user...

CVE-2026-25616

Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665...

1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +234 more potentially affected by CVE-2026-24887 via @anthropic-ai/claude-code (>=0.2.126 <=2.0.69)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2026-24887 Source advisory: OSV:GHSA-QGQW-H4XQ-7W8W...