strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow

...

PT-2026-28115

IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints...

PT-2026-28093

IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user...

IBM Concert 信任管理问题漏洞

IBM Concert is an enterprise-class collaboration and project management software from IBM. A security vulnerability exists in IBM Concert versions 1.0.0 through 2.2.0 that stems from fixed authentication information embedded in the software. An attacker could exploit the vulnerability to obtain...

PT-2026-27999

Name of the Vulnerable Software and Affected Versions codepeople Contact Form Email versions n/a through 1.3.63 Description An authorization issue exists in codepeople Contact Form Email. The issue involves exploiting incorrectly configured access control security levels. Recommendations Update t...

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information (CVE-2025-14808)

Summary A sensitive information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-14808 DESCRIPTION: InfoSphere Information Server could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to...

CVE-2026-33334 Vikunja Desktop: Any frontend XSS escalates to Remote Code Execution due to nodeIntegration

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the renderer process without contextIsolation or sandbox. This means any cross-site scripting XSS vulnerability in...

ddsapi (>=0.6.0b5 <=0.7.1), gandharva (=0.0.1) +9 more potentially affected by CVE-2026-33310 via intake (>=2.0.0a2 <=2.0.8)

intake PYPI version =2.0.0a2, =0.6.0b5, =0.2.7, =0.2.4, =0.6.2, =0.0.1, =0.6.4, =0.18.0, =0.19.10 Source cves: CVE-2026-33310 Source advisory: SNYK:PYTHON-INTAKE-15763544...

CVE-2026-32642

Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

com.mayhoo:config-server (=3.0.2), com.okta.spring.examples:okta-spring-boot-cloud-config-example (>=3.0.3 <=3.0.8) +9 more potentially affected by CVE-2026-22739 via org.springframework.cloud:spring-cloud-config-server (>=4.0.0 <=4.1.7)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.0.0, =3.0.3, =0.5, =0.0.1, =1.2.1-rc1, =7.0.0, =7.0.0, =4.0.0, =3.0.0, =3.1.6 Source cves: CVE-2026-22739 Source advisory: OSV:GHSA-3QWQ-Q9VM-5J42...

WordPress plugin User Registration & Membership 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Astro 输入验证错误漏洞

Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro from 2.10.10 to 5.18.1 had a vulnerability related to input validation errors. This vulnerability stemmed from defects in the path matching logic of remotePatterns, which could allow access to paths that...

Vikunja 安全漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja from 0.18.0 to 2.2.1 had security vulnerabilities. These vulnerabilities stemmed from insufficient validation of user status during certain authentication processes, allowing users who were already...

Vikunja 资源管理错误漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja from 1.0.0-rc0 to 2.2.0 contained a resource management vulnerability. This vulnerability stemmed from unlimited image decoding and resizing during preview generation, which could lead to CPU and memo...

CVE-2026-27131

The CVE concerns the Sprig Plugin for Craft CMS. Versions 2.0.0 up to, but not including, 2.15.2 and 3.15.2 expose a risk where admin users or those with Sprig Playground access could reveal the security key, credentials, and other sensitive configuration data, and could also run the hashData() s...

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-33508 via parse-server (>=2.0.8 <=7.5.4)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-33508 Source advisory: OSV:GHSA-6QH5-M6G3-XHQ6...

CVE-2026-33179 libfuse: NULL Pointer Dereference and Memory Leak in io_uring Queue Initialization

libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a NULL pointer dereference and memory leak in fuseuringinitqueue allows a local user to crash the FUSE daemon or cause resource exhaustion. When numaalloclocal fails during iouring queue entry...

IMAPServer (=0.1.0), OpenDataSH_twitter_notifier (>=0.1.0 <=0.1.2) +1861 more potentially affected by unknown CVE via tokio-uds (>=0.1.5 <=0.3.0-alpha.1)

tokio-uds CARGO version =0.1.5, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.4.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.1.0, =0.7.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0050...

CVE-2026-33036

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references &NNN;, &xHH; and standard XML entities completely evade the entity expansion limits e.g.,...

CVE-2026-33012 Micronaut Framework vulnerable to a Denial of Service in HTML error response caching

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache with no eviction policy in its DefaultHtmlErrorResponseBodyProvider. If the application throws an...