PT-2026-38899

These are all security issues fixed in the libexif-devel-0.6.26-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-7709

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generateauthtoken of the file cps/koboauth.py of the component Endpoint. Such manipulation of the argument userid leads to improper authorization. The attack may be launched remotely. The...

Calibre-Web 安全漏洞

Calibre-Web is a web application developed by Jan B, designed for browsing, reading, and downloading e-books from the Calibre database. Calibre-Web versions 0.6.26 and earlier contain security vulnerabilities. These vulnerabilities stem from the generateauthtoken function in the Endpoint...

[SECURITY] Fedora 42 Update: libexif-0.6.26-1.fc42

Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags...

Fedora 43 : libexif (2026-78adb25141)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-78adb25141 advisory. Update to 0.6.26, fixing several CVEs https://github.com/libexif/libexif/releases/tag/v0.6.26 Tenable has extracted the preceding description block...

Slackware Linux 15.0 / current libexif Multiple Vulnerabilities (SSA:2026-104-01)

The version of libexif installed on the remote host is prior to 0.6.26. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-104-01 advisory. New libexif packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...

CVE-2023-38350

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26...

CVE-2023-0270

The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVE-2023-38349

PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26...

CVE-2023-38350

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26...

CVE-2023-38350

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26...

CVE-2023-38349

PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26...

CVE-2023-38350

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26...

CVE-2023-38349

PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26...

CVE-2023-38350

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26...

Cross site request forgery (csrf)

PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26...

PNP4Nagios 跨站请求伪造漏洞

PNP4Nagios is a plugin for the PNP4Nagios project. A cross-site request forgery vulnerability exists in PNP4Nagios version 0.6.26 and earlier, which stems from a lack of CSRF protection in the AJAX controller...

PNP4Nagios 跨站脚本漏洞

PNP4Nagios is a plugin for the PNP4Nagios project. A security vulnerability exists in PNP4Nagios version 0.6.26 that stems from stored cross-site scripting in the basket API and filters in the AJAX controller...

CVE-2023-38350

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26...

CVE-2023-38349

PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26...