CVE-2026-27570

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the onebox method in the SharedAiConversation model renders the conversation title directly into HTML without proper sanitization. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 conta...

XML External Entity (XXE) Injection

Overview org.apache.sis.core:sis-metadata is an Implementations of metadata derived from ISO 19115. This module provides both an implementation of the metadata interfaces defined in GeoAPI, and a framework for handling those metadata through Java reflection. Affected versions of this package are...

SUSE CVE-2025-24032

PAM-PKCS11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if certpolicy is set to none the default value, then pampkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user...

Enterprise Search 8.11.2 / 7.17.16 Security Update (ESA-2023-31)

Enterprise Search Insertion of Sensitive Information into Log File ESA-2023-31 An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion o...