RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ’s MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^{client_id}-sensors$ to restrict...
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/class/commonobject.class.php. More information: https://bryamzxz.github.io/2026/05/25/dol_eval-five-years/
Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri’s is_local_url() function causes it to incorrectly classify remote URLs as trusted local origins on...
Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid...
Craft CMS 5.9.5 and earlier contains a Missing Authorization vulnerability in the migrate endpoint (/actions/app/migrate). More information: https://github.com/0xrixet/cms-security-poc
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/core/actions_addupdatedelete.inc.php. More information: https://bryamzxz.github.io/2026/05/25/dol_eval-five-years/
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/cron/class/cronjob.class.php, call_user_func_array() in function job type. More information: https://bryamzxz.github.io/2026/05/25/dol_eval-five-years/
IBM Business Automation Workflow containers and traditional may leak information about their database structure in error messages. More information: https://www.ibm.com/support/pages/node/7271445
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious...
A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token exceeds a 4000-character...
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential...
The “Long Term Retention” (LTR) add-on feature of IBM Guardium Data Protection 12.2.1 and 12.2.2 can expose sensitive credentials in debug mode. More information: https://www.ibm.com/support/pages/node/7273657
IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential...