π¨ CVE-2025-66319
Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity.
π@cveNotify
Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity.
π@cveNotify
π¨ CVE-2026-1321
The Membership Plugin β Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the `rcp_setup_registration_init()` function accepting any membership level ID via the `rcp_level` POST parameter without validating that the level is active or that payment is required. Combined with the `add_user_role()` method which assigns the WordPress role configured on the membership level without status checks, this makes it possible for unauthenticated attackers to register with any membership level, including inactive levels that grant privileged WordPress roles such as Administrator, or paid levels that charge a sign-up fee. The vulnerability was partially patched in version 3.2.18.
π@cveNotify
The Membership Plugin β Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the `rcp_setup_registration_init()` function accepting any membership level ID via the `rcp_level` POST parameter without validating that the level is active or that payment is required. Combined with the `add_user_role()` method which assigns the WordPress role configured on the membership level without status checks, this makes it possible for unauthenticated attackers to register with any membership level, including inactive levels that grant privileged WordPress roles such as Administrator, or paid levels that charge a sign-up fee. The vulnerability was partially patched in version 3.2.18.
π@cveNotify
π¨ CVE-2026-21786
HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs.
π@cveNotify
HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs.
π@cveNotify
Hcl-Software
Security Bulletin: HCL Sametime for iOS is affected by sensitive information disclosure - Customer Support
A sensitive information disclosure is addressed in HCL Sametime for iOS 12.0.26. It is recommended to
π¨ CVE-2026-28537
Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2026-28538
Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2026-28539
Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
π¨ CVE-2026-24924
Vulnerability of improper permission control in the print module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
Vulnerability of improper permission control in the print module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
π¨ CVE-2026-28542
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2026-28546
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2026-28547
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2026-28548
Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
π¨ CVE-2026-28549
Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2025-11143
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently from one that generates a response. At the very least, differential parsing may divulge implementation details.
π@cveNotify
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently from one that generates a response. At the very least, differential parsing may divulge implementation details.
π@cveNotify
GitHub
Different parsing of invalid URIs
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIS. Specifically:
#### Invalid Scheme
| URI | Jetty | uri-js (nodejs) | node-url(nodej...
#### Invalid Scheme
| URI | Jetty | uri-js (nodejs) | node-url(nodej...
π¨ CVE-2026-1605
In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the corresponding response is not compressed.
This happens because the JDK Inflater is allocated for decompressing the request, but it is not released because the release mechanism is tied to the compressed response.
In this case, since the response is not compressed, the release mechanism does not trigger, causing the leak.
π@cveNotify
In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the corresponding response is not compressed.
This happens because the JDK Inflater is allocated for decompressing the request, but it is not released because the release mechanism is tied to the compressed response.
In this case, since the response is not compressed, the release mechanism does not trigger, causing the leak.
π@cveNotify
GitHub
Gzip request memory leak
### Description (as reported)
There is a memory leak when using `GzipHandler` in jetty-12.0.30 that can cause off-heap OOMs.
This can be used for DoS attacks so I'm reporting this as a vuln...
There is a memory leak when using `GzipHandler` in jetty-12.0.30 that can cause off-heap OOMs.
This can be used for DoS attacks so I'm reporting this as a vuln...
π¨ CVE-2026-21628
A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution.
π@cveNotify
A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution.
π@cveNotify
Astroid
Astroid Framework | Best Free Joomla Template Framework
Powerful framework for designers and developers to create responsive, fast & robust Joomla based websites and templates.
π¨ CVE-2026-28697
Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, an authenticated administrator can achieve Remote Code Execution (RCE) by injecting a Server-Side Template Injection (SSTI) payload into Twig template fields (e.g., Email Templates). By calling the craft.app.fs.write() method, an attacker can write a malicious PHP script to a web-accessible directory and subsequently access it via the browser to execute arbitrary system commands. This vulnerability is fixed in 4.17.0-beta.1 and 5.9.0-beta.1.
π@cveNotify
Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, an authenticated administrator can achieve Remote Code Execution (RCE) by injecting a Server-Side Template Injection (SSTI) payload into Twig template fields (e.g., Email Templates). By calling the craft.app.fs.write() method, an attacker can write a malicious PHP script to a web-accessible directory and subsequently access it via the browser to execute arbitrary system commands. This vulnerability is fixed in 4.17.0-beta.1 and 5.9.0-beta.1.
π@cveNotify
GitHub
AllowedInSandbox attribute Β· craftcms/cms@9dc2a4a
Build bespoke content experiences with Craft. Contribute to craftcms/cms development by creating an account on GitHub.
π¨ CVE-2026-28784
Craft is a content management system (CMS). Prior to 5.8.22 and 4.16.18, it is possible to craft a malicious payload using the Twig map filter in text fields that accept Twig input under Settings in the Craft control panel or using the System Messages utility, which could lead to a RCE. For this to work, you must have administrator access to the Craft Control Panel, and allowAdminChanges must be enabled for this to work, which is against our recommendations for any non-dev environment. Alternatively, you can have a non-administrator account with allowAdminChanges disabled, but you have access to the System Messages utility. Users should update to the patched versions (5.8.22 and 4.16.18) to mitigate the issue.
π@cveNotify
Craft is a content management system (CMS). Prior to 5.8.22 and 4.16.18, it is possible to craft a malicious payload using the Twig map filter in text fields that accept Twig input under Settings in the Craft control panel or using the System Messages utility, which could lead to a RCE. For this to work, you must have administrator access to the Craft Control Panel, and allowAdminChanges must be enabled for this to work, which is against our recommendations for any non-dev environment. Alternatively, you can have a non-administrator account with allowAdminChanges disabled, but you have access to the System Messages utility. Users should update to the patched versions (5.8.22 and 4.16.18) to mitigate the issue.
π@cveNotify
Craft CMS
Securing Craft | Craft CMS
There are several steps you can take to strengthen the security of your Craft install.Do not enable Dev Mode in a production environmentDev Mode isβ¦
π¨ CVE-2026-29069
Craft is a content management system (CMS). Prior to 5.9.0-beta.2 and 4.17.0-beta.2, the actionSendActivationEmail() endpoint is accessible to unauthenticated users and does not require a permission check for pending users. An attacker with no prior access can trigger activation emails for any pending user account by knowing or guessing the user ID. If the attacker controls the target userβs email address, they can activate the account and gain access to the system. This vulnerability is fixed in 5.9.0-beta.2 and 4.17.0-beta.2.
π@cveNotify
Craft is a content management system (CMS). Prior to 5.9.0-beta.2 and 4.17.0-beta.2, the actionSendActivationEmail() endpoint is accessible to unauthenticated users and does not require a permission check for pending users. An attacker with no prior access can trigger activation emails for any pending user account by knowing or guessing the user ID. If the attacker controls the target userβs email address, they can activate the account and gain access to the system. This vulnerability is fixed in 5.9.0-beta.2 and 4.17.0-beta.2.
π@cveNotify
GitHub
Harden UsersController actions Β· craftcms/cms@c3d02d4
Build bespoke content experiences with Craft. Contribute to craftcms/cms development by creating an account on GitHub.
π¨ CVE-2026-3236
In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token.
π@cveNotify
In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token.
π@cveNotify
Octopus
Security Advisory 2026-02
2026-02 - Access Token can be used to create new API key with extended lifetime
π¨ CVE-2025-5987
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
π@cveNotify
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
π@cveNotify
π¨ CVE-2025-13601
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
π@cveNotify
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
π@cveNotify