RHSA-2026:2490 Red Hat Security Advisory: kernel security update

Bulletin has no description...

CVE-2026-25947 Worklenz Boolean-Based Blind SQL Injection via Improper ORDER BY Clause Input Validation

Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...

CVE-2026-25749

Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the gettagfname function in src/tag.c. When processing help file tags,...

CVE-2026-25644

DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8...

CVE-2025-15337

CVE-2025-15337 involves an incorrect default permissions issue in Tanium Patch. The connected data identifies the affected product as Tanium Patch, with the root cause described as default-permissions misconfiguration. The CVSS 3.1 base metrics indicate a MEDIUM overall severity (AV:N/AC:L/PR:H/U...

CVE-2025-62615 AutoGPT has SSRF vulnerability in ReadRSSFeedBlock

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock, the third-party library urllib.request.urlopen is used directly to access the URL, but the inpu...

EUVD-2026-5318

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a stack-buffer-overflow vulnerability in CIccTagFloatNum::GetValues. This is triggered when processing a malformed ICC...

EVE: SSH as Root Unlockable Without Triggering Measured Boot

Impact On boot, the Pillar container checks for /config/authorizedkeys. If present with a valid public key, it enables SSH on port 22 with root login. The /config partition is not protected by measured boot, is mutable and unencrypted. This enables an attacker with physical access to the device t...

CVE-2026-25512 Group-Office is vulnerable to RCE due to Command Injection via TNEF Attachment Handler

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

CVE-2026-25481

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code...

CVE-2026-22044

GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23...

EUVD-2026-5421

n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue h...

CVE-2026-25509 CI4MS Vulnerable to User Email Enumeration via Password Reset Flow

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...

CVE-2026-25509

CI4MS is a CodeIgniter 4–based CMS skeleton. A vulnerability in the authentication flow allows unauthenticated attackers to enumerate registered emails via password-reset responses, by differentiating between existing vs non-existing emails. The issue is documented across multiple feeds (NVD, Red...

Qwik SSR XSS via Unsafe Virtual Node Serialization

Summary Description A Cross-site Scripting CWE-79 vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successful exploitation permits script execution in a...

UBUNTU-CVE-2026-25238

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in bug subscription deletion may allow attackers to inject SQL via a crafted email value. This issue has been patched in version 1.33.0...

CVE-2026-25503

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigger undefined behavior when loading invalid icImageEncodingType values causin...

CVE-2026-25237 PEAR is Vulnerable to PHP Code Execution via preg_replace /e in Bug Update Emails

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of pregreplace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

CVE-2026-25490

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator’s browser. This occurs because the 'Address Line 1' field in...

EUVD-2026-5208

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, there is a Stored XSS via Product Type names. The name is not sanitized when displayed in user permissions settings. The vulnerable input source is in Commerce Product Type setting...