CVE-2026-48210

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...

PT-2026-38551

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.214 Description The backend conversation change customer action fails to properly validate the customer email variable. While the Change Customer modal filters out-of-scope customers via the mailbox-filtered...

EUVD-2025-209697

HCL BigFix Service Management SM had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality...

CVE-2025-31982

HCL BigFix Service Management SM had directories that were not linked or publicly visible but could be accessed directly. This could allow an increased risk of information disclosure or misuse of sensitive functionality...

Astra Linux - уязвимость в firefox

When a network error occurred during page loading, the previous content could remain visible, accompanied by a blank URL bar. This could be used to disguise a spoofed website. This vulnerability affects Firefox versions earlier than 126...

Astra Linux - уязвимость в zabbix

A Zabbix administrator can inject arbitrary SQL code during the automatic removal of hosts by inserting malicious SQL statements into the 'Visible name' field...

WordPress plugin Otter Blocks 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2026-35369

An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as a request to send the default signal SIGTERM to PID -1. Sending a signal to PID -1 causes the kernel to terminate all processes visible to the caller, potentially leading to a system crash or massi...

EUVD-2026-24184

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and profile URL in the success...

PT-2026-34024

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privileged agent can edit a visible customer and add an email address already owned by a hidden customer in another mailbox. The server discloses the hidden customer’s name and profile URL in the success...

Zabbix 6.0.x < 6.0.34 / 6.4.x < 6.4.19 / 7.0.x < 7.0.4 SQLi (ZBX-26986)

The version of Zabbix Server installed on the remote host is prior to 6.0.34, 6.4.19, 7.0.4. It is, therefore, affected by a SQL injection vulnerability : - A Zabbix administrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field...

GHSA-MW7W-G3MG-XQM7 OpenClaw: BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events

Summary BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...

OpenClaw: BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events

Summary BlueBubbles Group Reactions Bypass requireMention and Still Enqueue Agent-Visible System Events Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...

PT-2026-27493

solidtime is an open-source time-tracking app. Prior to version 0.11.6, the project detail endpoint GET /api/v1/organizations/org/projects/project allows any authenticated Employee to access any project in the organization by UUID, including private projects they are not a member of. The index...

CVE-2026-20122

creationtimestamp| type| source ---|---|--- 2026-02-25 16:34:22+00:00| seen| https://vulnerability.circl.lu/bundle/b24f0b20-207c-4881-af91-eb1d15b224ba 2026-02-25 17:00:08+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mfp5rtagrx26 2026-02-25 17:29:05+00:00| seen|...

wechat-monitor-poc

WeChat Message Monitoring PoC Project Project Description...

Your VMDR Year in Review: Making Security Progress Visible and Actionable

Security Teams Rarely Stop to Reflect When a security program is working well, very little seems to happen. That is by design. There is no alert for the incident that was prevented. No visibility into the attack path that was quietly closed. No recognition for the vulnerability that was fixed...

CVE-2020-12407

Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox 77...

Unsound APIs of public `constant::Reader` and `StructSchema`

The safe API functions constant::Reader::get and StructSchema::new rely on PointerReader::getrootunchecked, which can cause undefined behavior UB by constructing arbitrary words or schemas. Reader::get rust pub fn get&self - Result::Reader // ... // UNSAFE: access words without validation...

UBUNTU-CVE-2025-40355

In the Linux kernel, the following vulnerability has been resolved: sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 "net: sysfs: Implement isvisible for physportid, portname, switchid", devchangenetnamespace can hit WARNON when trying to change owner of...