Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangChain [CVE-2026-26013]
Summary: IBM Watson Speech Services Cartridge is vulnerable to a Server-Side Request Forgery in LangChain, due to a faulty method that fetches arbitrary image_url values without validation when computing token counts for vision-enabled models. CVE-2026-26013. LangChain is used in our speech runtime...
CVE-2026-29191
Technical details about CVE-2026-29191 are not publicly available in the provided documents. Based on the initial description, no affected products, versions, root cause, or remediation are specified beyond the patch version 4.12.0. Monitor for updates.
ZITADEL cross-site scripting vulnerability
ZITADEL is an open-source identity and access management platform developed by ZITADEL in Switzerland. Versions of ZITADEL from 4.0.0 to 4.11.1 have a cross-site scripting vulnerability. This vulnerability stems from a default URI redirection issue in the login V2 interface, which may lead to...
WordPress Conditional CAPTCHA plugin <= 4.0.0 - Open Redirect vulnerability
Open Redirect vulnerability discovered by Bob Matyas in WordPress Plugin Conditional CAPTCHA versions <= 4.0.0...
org.apache.syncope.client.am:syncope-client-am-console (>=4.0.0 <=4.0.3), org.apache.syncope.client.idm:syncope-client-idm-console (>=4.0.0 <=4.0.3) +4 more potentially affected by CVE-2026-23795 via org.apache.syncope.client.idrepo:syncope-client-idrepo-console (>=4.0.0 <=4.0.3)
org.apache.syncope.client.idrepo:syncope-client-idrepo-console MAVEN versions >=4.0.0 <=4.0.3. Source CVEs: CVE-2026-23795. Source advisory: OSV:GHSA-73F3-RQQF-2J54...
PT-2026-6183
Name of the Vulnerable Software and Affected Versions: Apache Syncope versions 3.0 through 3.0.15; Apache Syncope versions 4.0 through 4.0.3. Description: A reflected cross-site scripting (XSS) issue exists in the Enduser Login page of Apache Syncope. An attacker could potentially steal user credential...
CVE-2025-67495 ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login
ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0-rc.1 through 4.7.0 are vulnerable to DOM-Based XSS through the Zitadel V2 logout endpoint. The /logout endpoint insecurely routes to a value that is supplied in the post_logout_redirect GET parameter. As a result, unauthenticate...
JLSEC-2025-261 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dir...
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via a crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c...
CVE-2025-60632
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via a crafted POST request to the NpcfBDTPolicyControl API...
free5GC security vulnerability
free5GC is an open source project for 5th Generation (5G) mobile core networks, open sourced by free5GC. A security vulnerability exists in free5GC versions 4.0.0 and 4.0.1, which stems from the NnssfNSSAIAvailability API mishandling ad-hoc POST requests, which could lead to a denial of service...
CVE-2025-61104
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet...
CVE-2025-61105
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet...
CVE-2025-61102
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet...
CVE-2022-44354
SolarView Compact 4.0 and 5.0 are vulnerable to Unrestricted File Upload via a crafted PHP file...
Wazuh Unsafe Deserialization / Remote Code Execution
Wazuh versions starting at 4.4.0 and before 4.9.1 suffer from an unsafe deserialization vulnerability that allows for remote code execution...
WordPress Bubble Menu Plugin <= 4.0.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Khang Duong in WordPress Plugin Bubble Menu – circle floating menu versions <= 4.0.2...
PT-2024-32950 · Unknown · Featured Posts With Multiple Custom Groups
Name of the Vulnerable Software and Affected Versions: Featured Posts with Multiple Custom Groups (FPMCG) versions n/a through 4.0. Description: This issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). It allows for Reflected XS...
PT-2024-32949 · Unknown · Featured Posts With Multiple Custom Groups
Name of the Vulnerable Software and Affected Versions: Featured Posts with Multiple Custom Groups (FPMCG) versions n/a through 4.0. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Cross Site Request Forgery. Recommendations: For versions n/a through 4.0, update ...
WordPress Include Fussball.de Widgets plugin <= 4.0.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin Include Fussball.de Widgets versions <= 4.0.0...