362 matches found
EulerOS Virtualization 2.13.0 : avahi (EulerOS-SA-2026-2394)
According to the versions of the avahi packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc...
CVE-2026-8940 WP Meta Sort Posts <= 0.9 - Cross-Site Request Forgery to Plugin Settings Update
The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-level included script in msp-options.php. This makes it possible for unauthenticated attackers to chan...
org.apache.fluss:fluss-dist (=0.8.0-incubating), org.apache.fluss:fluss-docgen (=0.9.0-incubating) +21 more potentially affected by CVE-2026-49361 via org.apache.fluss:fluss-common (>=0.8.0-incubating <=0.9.0-incubating)
org.apache.fluss:fluss-common MAVEN version =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating, =0.8.0-incubating,...
Astra Linux – Vulnerability in unoconv
The unoconv package before version 0.9 mishandles untrusted pathnames, resulting in SSRF and local file inclusions...
CVE-2026-44555 Open WebUI: Base Model Routing Bypasses Access Control via Model Chaining
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, Open WebUI supports model composition via basemodelid: a user-defined model e.g., "Cheap Assistant" can reference an existing base model e.g., "gpt-4-turbo-restricted" that provides...
GHSA-4V58-8P28-2RQ3 awslabs/tough is Missing Delegated Metadata Validation
Summary Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targets metadata and poison the local...
CVE-2026-7508 Bootstrap CMS Page Creation show.blade.php code injection
A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible...
tomcat: security constraint bypass with HTTP/0.9
A flaw was found in Tomcat. An improper input validation vulnerability allows an attacker to bypass security constraints. Specifically, if a security constraint is configured to permit HEAD requests to a URI but deny GET requests, a malformed or specification invalid HEAD request using the HTTP/0...
OESA-2026-1986 avahi security update
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared...
OESA-2026-1854 avahi security update
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared...
Linux Distros Unpatched Vulnerability : CVE-2026-34933
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local us...
CVE-2026-34933
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version...
CVE-2026-34933 Avahi: Reachable assertion in `transport_flags_from_domain()` via conflicting publish flags crashes avahi-daemon
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version...
CVE-2026-34933 Avahi: Reachable assertion in `transport_flags_from_domain()` via conflicting publish flags crashes avahi-daemon
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version...
EUVD-2026-18910
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version...
PT-2026-30270
Name of the Vulnerable Software and Affected Versions Avahi versions prior to 0.9-rc4 Description Avahi, a system for local network service discovery using mDNS/DNS-SD, is susceptible to a denial-of-service condition. An unprivileged local user can terminate the avahi-daemon process by sending a...
CLEANSTART-2026-FN44356 Security fixes for CVE-2022-29526, CVE-2025-47907, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-24515, CVE-2026-25210, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 0.10-r0, 0.11-r0, 0.9-r0, 0.9-r1, 0.9-r2
Multiple security vulnerabilities affect the druid-exporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
OESA-2026-1651 tomcat security update
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Security Fixes: Improper Input Validation...
SUSE-SU-2026:0932-1 Security update for tomcat
This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation bypas...
SUSE-SU-2026:0922-1 Security update for tomcat
This update for tomcat fixes the following issues: - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385...