1496 matches found
GHSA-F7PM-6HR8-7GGM vulnerabilities
Vulnerabilities for packages: nextcloud-server...
CVE-2026-28399
creationtimestamp | type | source
---|---|---
2026-03-03 19:19:53+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mg6ifbejac2s...
GHSA-F7WW-2725-QVW2
creationtimestamp | type | source
---|---|---
2026-03-03 03:40:09+00:00 | seen | https://gist.github.com/alon710/bffd66867d7e1347878d807d5c4dde51...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses netty-codec-http-4.2.5.Final.jar which is vulnerable to CVE-2025-67735.
Summary: IBM Maximo Application Suite - Monitor Component uses netty-codec-http-4.2.5.Final.jar which is vulnerable to CVE-2025-67735. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2025-67735. DESCRIPTION: Netty is an asynchronous, event-driven...
GHSA-JJPJ-P2WH-QF23
creationtimestamp | type | source
---|---|---
2026-02-26 07:40:19+00:00 | seen | https://gist.github.com/alon710/1352ed038e89cecf857a70857225ae46
2026-02-26 18:09:12+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/n8n-security-advisory-av26-176
2026-03-03 12:53:52+00:00 | seen | ...
GHSA-RWJ8-P9VQ-25GV
creationtimestamp | type | source
---|---|---
2026-02-18 19:40:40+00:00 | seen | https://gist.github.com/alon710/1e6afb3840077f77e3f5cee7a373c3eb...
GHSA-H89V-J3X9-8WQJ
creationtimestamp | type | source
---|---|---
2026-02-18 07:10:30+00:00 | seen | https://gist.github.com/alon710/e76a508d42a933b6e0e4ae7a1f22b0f7...
CVE-2026-1226
CWE-94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file...
UBUNTU-CVE-2025-14560
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious conten...
CVE-2025-14560
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious conten...
CVE-2026-24925
Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability...
GHSA-QXX2-7H4C-83F4 vulnerabilities
Vulnerabilities for packages: wolfictl, cg...
GHSA-6RV6-R2F2-GQRC vulnerabilities
Vulnerabilities for packages: python...
GHSA-WP53-J4WJ-2CFG vulnerabilities
Vulnerabilities for packages: semgrep, airflow, open-webui, reflex...
EUVD-2026-4572
The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
EUVD-2026-4228
A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg through 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to publ...
EUVD-2026-2920
Active Job - Object injection security vulnerability...
EUVD-2026-2457
TinyOS versions up to and including 2.1.2 contain a global buffer overflow vulnerability in the printfUART formatted output implementation used within the ZigBee / IEEE 802.15.4 networking stack. The implementation formats output into a fixed-size global buffer and concatenates strings for %s...
EUVD-2026-2466
In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: change all pageblocks migrate type on coalescing. When a page is freed it coalesces with a buddy into a higher order page while possible. When the buddy page migrate type differs, it is expected to be updated to matc...
EUVD-2026-2058
Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary...