15 matches found

ATTACKERKB · added 2026/04/07 6:1 p.m. · 0 views

CVE-2026-39341

ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL injection due to an improper input validation. Endpoint Reports/ConfirmReportEmail.php?familyId= is not correctly sanitising user input, specifically, the sanitised input is not...

CVSS 8.1 · AI score 5.9 · EPSS 0.00032
Exploits 1 · References 2 · Affected Software 1
Positive Technologies · added 2026/03/28 12:0 a.m. · 1 views

PT-2026-28788

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "section id" and "user id", the /api/v2?cmd=get home stats endpoint...

CVSS 4.9 · AI score 5.9 · EPSS 0.00048
Exploits 1 · References 5
RedhatCVE · added 2026/03/26 3:9 p.m. · 0 views

CVE-2026-33410

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have two authorization issues in the chat direct message API. First, when creating a direct message channel or adding users to an existing one, the targetgroups parameter was passed direct...

CVSS 5.4 · AI score 5.9 · EPSS 0.00051
Exploits 0 · References 1
OSV · added 2026/03/11 4:16 p.m. · 1 views

UBUNTU-CVE-2026-1090

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the markdownplaceholders feature flag was enabled, to inject JavaScript in a browser due to improper...

CVSS 8.7 · AI score 5.8 · EPSS 0.00085
Exploits 0 · References 2
Cvelist · added 2026/01/07 8:31 p.m. · 22 views

CVE-2025-68705 RustFS Path Traversal Vulnerability

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/readfilestream endpoint. This issue has been patched in version 1.0.0-alpha.79...

CVSS 9.3 · EPSS 0.00072
Exploits 3 · References 2
OSV · added 2025/11/10 9:29 p.m. · 1 views

CVE-2025-64183 OpenEXR has use after free in PyObject_StealAttrString

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in PyObject_StealAttrString of pyOpenEXRold.cpp...

CVSS 6.9 · AI score 6.6 · EPSS 0.00067
Exploits 1 · References 4
SUSE CVE · added 2024/12/24 4:0 a.m. · 1 views

SUSE CVE-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

CVSS 8.6 · AI score 7 · EPSS 0.00553
Exploits 0 · References 7
Positive Technologies · added 2023/04/25 12:0 a.m. · 1 views

PT-2023-22197 · Contao · Contao

Name of the Vulnerable Software and Affected Versions: Contao versions prior to 4.9.40; Contao versions prior to 4.13.21; Contao versions prior to 5.1.4. Description: Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary...

CVSS 8.8 · AI score 7.1 · EPSS 0.00578
Exploits 0 · References 11
vulnersOsv · added 2022/05/17 2:57 a.m. · 2 views

mezzanine (>=3.0.0 <=3.0.4) potentially affected by CVE-2016-9910 via html5lib (=0.95.0)

html5lib PYPI version =0.95.0 is affected by a known vulnerability. The following packages have a transitive dependency on html5lib and may be impacted: - mezzanine >=3.0.0, <=3.0.4. Source cves: CVE-2016-9910. Source advisory: OSV:GHSA-8F6M-GFQ9-G33V...

CVSS 6.1 · AI score 6.3 · EPSS 0.00494
Exploits 0
RedHat Linux · added 2022/04/25 3:4 p.m. · 0 views

OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit...

CVSS 4.3 · AI score 7.2 · EPSS 0.00058
Exploits 0 · References 4
vulnersOsv · added 2020/11/14 12:0 p.m. · 0 views

ate (>=1.0.0 <=1.3.0), ate-auth (>=1.7.0 <=1.9.0) +8 more potentially affected by CVE-2020-36451 via rcu_cell (>=0.1.12 <=1.2.1)

rcu_cell CARGO version =0.1.12, =1.0.0, =1.7.0, =1.0.0, =1.6.0, =1.8.0, =1.0.0, =0.2.0, =0.1.0, =1.0.0, =1.3.0. Source cves: CVE-2020-36451. Source advisory: OSV:RUSTSEC-2020-0131...

CVSS 8.1 · AI score 7.2 · EPSS 0.00513
Exploits 1
IBM Security Bulletins · added 2018/06/17 3:49 p.m. · 16 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2017-1731)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...

CVSS 8.8 · AI score 1.6 · EPSS 0.01747
Exploits 0 · Affected Software 13
CNVD · added 2018/03/22 12:0 a.m. · 0 views

Haxx libcurl man-in-the-middle attack vulnerability (CNVD-2018-07226)

Haxx libcurl is a free, open source client-side URL transport library from the Swedish company Haxx. The library supports FTP, FTPS, TFTP, HTTP and so on. A security vulnerability exists in the 'verifycertificate' function in the lib/vtls/schannel.c file in Haxx libcurl versions 7.30.0 through...

CVSS 8.1 · AI score 6.9 · EPSS 0.00397
Exploits 0 · References 1
CNVD · added 2017/09/06 12:0 a.m. · 2 views

SimpleSAMLphp Incorrect Authentication Vulnerability

SimpleSAMLphp is a set of PHP authentication applications that implement the SAML 2.0 service provider and identity provider functionality. A security vulnerability exists in SimpleSAMLphp versions 1.7.0 through 1.14.10. An attacker can exploit the vulnerability to obtain sensitive information a...

CVSS 9.8 · AI score 9.2 · EPSS 0.00725
Exploits 0 · References 1
Tenable Nessus · added 2016/02/18 12:0 a.m. · 38 views

F5 Networks BIG-IP : PHP vulnerability (K17127)

The GetCode function in gdgifin.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function...

CVSS 5 · AI score 6.8 · EPSS 0.12088
Exploits 1 · References 2