4564 matches found

vulnersOsv
added 2026/03/17 7:45 p.m. | 4 views

5-ifc-check-cli (=1.0.0), 7ghost (>=4.11.2 <=4.11.46) +4171 more potentially affected by CVE-2026-33036 via fast-xml-parser (>=4.0.0-beta.7 <=4.5.4)

fast-xml-parser NPM version =4.0.0-beta.7, =4.11.2, =0.1.1, =0.0.2, =1.0.1, =1.0.0, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =0.0.3 and more Source cves: CVE-2026-33036 Source advisory: OSV:GHSA-8GC5-J5RX-235R...

CVSS 7.5 | AI score 6.5 | EPSS 0.00588
Exploits: 1

vulnersOsv
added 2026/03/17 7:45 p.m. | 4 views

@activepieces/piece-amazon-s3 (>=0.5.4 <=0.5.8), @activepieces/piece-amazon-ses (>=0.0.1 <=0.1.3) +1168 more potentially affected by CVE-2026-33036 via fast-xml-parser (>=5.0.1 <=5.5.5)

fast-xml-parser NPM version =5.0.1, =0.5.4, =0.0.1, =0.5.3, =0.2.1, =13.1.4, =1.0.0, =1.9.12, =1.0.3, =1.1.31, =1.0.0, =1.7.16, =2.33.6, =3.13.0 and more Source cves: CVE-2026-33036 Source advisory: OSV:GHSA-8GC5-J5RX-235R...

CVSS 7.5 | AI score 6.5 | EPSS 0.00588
Exploits: 1

Cvelist
added 2026/03/17 5:41 p.m. | 20 views

CVE-2026-25769 Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization

Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data. All Wazuh deployments using cluster mode master/worker architecture and any...

CVSS 9.1 | EPSS 0.09246
Exploits: 4 | References: 2

IBM Security Bulletins
added 2026/03/17 4:29 p.m. | 8 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to sensitive information written to a log file (CVE-2026-1265)

Summary: A vulnerability due to sensitive information written to a log file in IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2026-1265. DESCRIPTION: IBM InfoSphere Information Server is vulnerable to writing of sensitive information in a log file. CWE: CWE-532:...

CVSS 5.3 | AI score 5.8 | EPSS 0.0019
Exploits: 0 | Affected Software: 1

vulnersOsv
added 2026/03/17 4:17 p.m. | 0 views

0lever-utils (>=0.0.2 <=0.0.7), a2grunnerp (>=0.1.0 <=0.1.8) +756 more potentially affected by CVE-2026-30922 via pyasn1 (>=0.1.7 <=0.6.2)

pyasn1 PYPI version =0.1.7, =0.0.2, =0.1.0, =0.4.0, =0.4.0, =0.1.1, =0.0.5, =0.4.0, =0.0.2, =0.87.2.dev9, =0.30.1, =0.1.0.dev19, =1.3.0, =0.1.0, =0.1.3 and more Source cves: CVE-2026-30922 Source advisory: SNYK:PYTHON-PYASN1-15674561...

CVSS 7.5 | AI score 6.4 | EPSS 0.0058
Exploits: 1

vulnersOsv
added 2026/03/17 12:30 p.m. | 3 views

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plugin (=1.5.0) +28 more potentially affected by CVE-2026-28779 via apache-airflow (>=3.0.0 <=3.1.7)

apache-airflow PYPI version =3.0.0, =0.7.0, =0.6.1, =1.10.7, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =0.0.4, =2.0.2, =2.3.0rc1 and more Source cves: CVE-2026-28779 Source advisory: OSV:GHSA-4FHM-P86V-HWPX...

CVSS 7.5 | AI score 5.4 | EPSS 0.00677
Exploits: 0

vulnersOsv
added 2026/03/17 11:16 a.m. | 2 views

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plugin (=1.5.0) +28 more potentially affected by CVE-2026-28779 via apache-airflow (>=3.0.0 <=3.1.7)

apache-airflow PYPI version =3.0.0, =0.7.0, =0.6.1, =1.10.7, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =0.0.4, =2.0.2, =2.3.0rc1 and more Source cves: CVE-2026-28779 Source advisory: OSV:PYSEC-2026-16...

CVSS 7.5 | AI score 5.4 | EPSS 0.00677
Exploits: 0

OSV
added 2026/03/17 11:16 a.m. | 6 views

PYSEC-2026-16

In Apache Airflow versions 3.1.0 through 3.1.7, the session token in cookies is set to path=/ regardless of the configured webserver baseurl or api baseurl. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...

CVSS 7.5 | AI score 5.4 | EPSS 0.00677
Exploits: 0 | References: 4

CNNVD
added 2026/03/17 12:00 a.m. | 2 views

pyOpenSSL security vulnerability

pyOpenSSL is an open-source Python library that encapsulates OpenSSL from the Python Cryptographic Authority project. Versions of pyOpenSSL from 0.14.0 to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from unhandled exceptions in the settlsextservername Callback functio...

CVSS 6.3 | AI score 5.8 | EPSS 0.00241
Exploits: 0 | References: 5

CNNVD
added 2026/03/17 12:00 a.m. | 3 views

Wazuh buffer error vulnerability

Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. Versions of Wazuh from 3.9.0 to 4.14.3 contained a buffer error vulnerability. This...

CVSS 7.2 | AI score 6.3 | EPSS 0.00389
Exploits: 1 | References: 1

Positive Technologies
added 2026/03/17 12:00 a.m. | 2 views

PT-2026-35967

Name of the Vulnerable Software and Affected Versions: Wazuh versions 4.4.0 through 4.14.3. Description: A path traversal issue exists in the cluster synchronization extraction routine, specifically within the decompress files function. This allows an authenticated cluster peer to write arbitrary...

CVSS 9.9 | AI score 6.5 | EPSS 0.00399
Exploits: 0 | References: 15

Positive Technologies
added 2026/03/17 12:00 a.m. | 6 views

PT-2026-25959

Name of the Vulnerable Software and Affected Versions: GLPI versions 11.0.0 through 11.0.5. Description: GLPI is an Asset and IT management software package. A malicious actor with knowledge of a user's credentials can bypass Multi-Factor Authentication (MFA) and compromise the account. The issue...

CVSS 6.5 | AI score 5.7 | EPSS 0.00292
Exploits: 0 | References: 12

Cvelist
added 2026/03/16 4:07 p.m. | 22 views

CVE-2026-4270 AWS API MCP File Access Restriction Bypass

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...

CVSS 6.8 | EPSS 0.00131
Exploits: 0 | References: 2

NVD
added 2026/03/16 2:17 p.m. | 2 views

CVE-2025-13460

IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy...

CVSS 5.3 | EPSS 0.0024
Exploits: 0 | References: 1

OpenVAS
added 2026/03/16 12:00 a.m. | 4 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1556)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.3 | AI score 5.8 | EPSS 0.015
Exploits: 0 | References: 2

GithubExploit
added 2026/03/14 3:08 p.m. | 105 views

joomla-exploits

joomla-exploits Exploit Title: Joomla! 4.2.8 - Unauthen...

AI score 5.8
Exploits: 0

ATTACKERKB
added 2026/03/13 9:09 p.m. | 2 views

CVE-2026-32702

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. From 2.7.0 to 2.8.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by...

CVSS 6.9 | AI score 5.9 | EPSS 0.00321
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2026/03/13 7:55 p.m. | 3 views

CVE-2026-32445

Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through = 3.35.5...

CVSS 2.7 | EPSS 0.00183
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/13 7:54 p.m. | 1 views

CVE-2025-13212 IBM Aspera Console Denial of Service

IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency...

CVSS 5.3 | AI score 5.8 | EPSS 0.0027
Exploits: 0 | References: 1

Cvelist
added 2026/03/13 7:54 p.m. | 27 views

CVE-2025-13212 IBM Aspera Console Denial of Service

IBM Aspera Console 3.3.0 through 3.4.8 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency...

CVSS 5.3 | EPSS 0.0027
Exploits: 0 | References: 1