CVE-2026-45153 Nextcloud: PIN bypass in PassCodeActivity via back button

Nextcloud is an open source content collaboration platform. From version 33.0.0 to before version 33.1.0, after unlocking a locked Android phone the back-button could be used to bypass the Nextcloud Files app PIN. This issue has been patched in version 33.1.0...

CVE-2026-8931

A critical Remote Code Execution RCE vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3...

CVE-2026-8931 Critical RCE vulnerability in Disig Web Signer

A critical Remote Code Execution RCE vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3...

CVE-2026-8931 Critical RCE vulnerability in Disig Web Signer

A critical Remote Code Execution RCE vulnerability exists in Disig Web Signer versions 2.0.3 through 2.5.3...

WordPress Slider Revolution plugin 7.0.0-7.0.14 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure vulnerability

Incorrect Authorization to Authenticated Contributor+ Sensitive Information Exposure vulnerability discovered by Prickly Cactus in WordPress Plugin Slider Revolution versions 7.0.0-7.0.14...

at.chrl:chrl-jms (=1.1.0), at.researchstudio.sat:won-core (>=0.2 <=0.9) +1035 more potentially affected by CVE-2026-34197 +1 more via org.apache.activemq:activemq-broker (>=5.10.0 <=5.19.6)

org.apache.activemq:activemq-broker MAVEN version =5.10.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 - at.researchstudio.sat:won-owner =0.3 - at.researchstudio.sat:won-owner-webapp =0.3 and more Source cves: CVE-2026-34197, CVE-2026-45505 Source advisory:...

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +162 more potentially affected by CVE-2025-57735 +1 more via apache-airflow (>=1.8.2 <=3.2.1rc3)

apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =1.6.0 and more Source cves: CVE-2025-57735, CVE-2026-48726 Source advisory: OSV:PYSEC-2026-187...

PT-2026-45541

IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions ACS is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator...

PT-2026-45515

Name of the Vulnerable Software and Affected Versions Spring Cloud Function versions prior to 3.2.16 Spring Cloud Function versions prior to 4.1.10 Spring Cloud Function versions prior to 4.2.6 Spring Cloud Function versions prior to 4.3.3 Spring Cloud Function versions prior to 5.0.2 Spring Clou...

CVE-2026-37711

An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-al...

Nextcloud Android app 授权问题漏洞

The Nextcloud Android app is a mobile application developed by the German company Nextcloud, designed for accessing Nextcloud servers on the Android platform. In versions 33.0.0 to 33.1.0 of the Nextcloud Android app, there was an authorization vulnerability. This vulnerability occurred when...

EUVD-2026-33446

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client...

GHSA-7CWM-FPFH-RRCH Ironic Standalone Operator's prometheus metrics exporter bound to all interfaces

Impact The Ironic Standalone Operator IRSO is the operator to maintain an Ironic deployment for Metal3. The Prometheus metrics exporter binds to 0.0.0.0 all network interfaces by default with no authentication. The default config is disabled. If enabled, this exposes operational metrics to any ho...

@aiconnect/codelets-runner (>=0.1.0 <=0.2.0), @cairncms/api (>=1.0.0-beta.1 <=1.0.0-beta.4) +21 more potentially affected by CVE-2026-47139 via vm2 (>=3.0.0 <=3.11.3)

vm2 NPM version =3.0.0, =0.1.0, =1.0.0-beta.1, =3.0.46, =0.1.0, =1.1.15, =1.27.8, =1.0.0-beta.1, =1.1.0, =0.2.0, =0.1.64, =0.1.61, =1.66.16, =1.66.16, =1.72.4 and more Source cves: CVE-2026-47139 Source advisory: SNYK:JS-VM2-17111337...

@aiconnect/codelets-runner (>=0.1.0 <=0.2.0), @cairncms/api (>=1.0.0-beta.1 <=1.0.0-beta.4) +21 more potentially affected by CVE-2026-47135 via vm2 (>=3.0.0 <=3.11.3)

vm2 NPM version =3.0.0, =0.1.0, =1.0.0-beta.1, =3.0.46, =0.1.0, =1.1.15, =1.27.8, =1.0.0-beta.1, =1.1.0, =0.2.0, =0.1.64, =0.1.61, =1.66.16, =1.66.16, =1.72.4 and more Source cves: CVE-2026-47135 Source advisory: SNYK:JS-VM2-17111274...

@bloggrify/bento (>=3.0.0 <=3.0.1), @bloggrify/core (>=3.0.0 <=3.1.2) +22 more potentially affected by CVE-2026-47200 via nuxt (>=4.0.0-rc.0 <=4.4.4)

nuxt NPM version =4.0.0-rc.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =1.0.3, =10.0.2, =1.1.11, =1.0.4, =0.4.5, =0.0.0, =0.0.1, =1.0.0, =1.1.0, =2.0.1 and more Source cves: CVE-2026-47200 Source advisory: OSV:GHSA-HG3F-28RG-4JXJ...

@geode/opengeodeweb-front (>=9.13.1 <=10.0.2-rc.4), nuxt (>=3.20.0 <=3.21.5) potentially affected by CVE-2026-47200 via @nuxt/nitro-server (>=3.20.0 <=3.21.5)

@nuxt/nitro-server NPM version =3.20.0, =9.13.1, =3.20.0, =3.21.5 Source cves: CVE-2026-47200 Source advisory: SNYK:JS-NUXTNITROSERVER-17111073...

0xpay-cc-sdk (>=0.0.8 <=0.1.0), 0xtrails (>=0.0.0-20251106131028 <=0.16.0) +7399 more potentially affected by CVE-2018-16487 +1 more via axios (>=1.0.0 <=1.15.2)

axios NPM version =1.0.0, =0.0.8, =0.0.0-20251106131028, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.0-canary-847463221a9a1bee28641d8c0ecfaca98ee142f6, =0.0.1-alpha.3, =0.1.6-alpha.11, =0.1.6-alpha.12 and more Source cves: CVE-2018-16487, CVE-2026-44490 Source...

Vulnerabilities in Oracle E-Business Suite components

Oracle has discovered vulnerabilities in various components of the Oracle E-Business Suite, including Oracle Payments, Oracle Internet Procurement Connector, Oracle Financials Common Modules, Oracle iAssets, Oracle Public Sector Financials International, Oracle Universal Work Queue, Oracle Payrol...

Roslyn CodeLens MCP Server 安全漏洞

Roslyn CodeLens MCP Server is a Roslyn-based .NET code library tool for deep semantic analysis, developed by Marcel Roozekrans. Versions of Roslyn CodeLens MCP Server from 0.0.9 to 1.17.0 contain security vulnerabilities. These vulnerabilities stem from the getdiagnostics tool, which loads and...