116 matches found
CVE-2026-0756
github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of github-kanban-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2026-0756
The CVE-2026-0756 issue affects github-kanban-mcp-server and stems from improper validation of the create_issue input before it is used in a system call, allowing an attacker to execute arbitrary code with the service account privileges, with no authentication required. References indicate this i...
Oracle Linux 8 : transfig (ELSA-2026-0756)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-0756 advisory. 1:3.2.6a-5 - Detect nan in spline control values - Fix for CVE-2025-46397 Tenable has extracted the preceding description block directly from the Oracle Linux...
CVE-2026-0756
creationtimestamp | type | source
---|---|---
2026-01-09 05:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-26-022/
2026-01-23 08:28:44+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3md3bszcr7a2n
2026-01-23 10:12:39+00:00 | seen | ...
CVE-2022-0756
Missing Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5...
CVE-2003-0756
Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder 1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the selectedpage parameter...
CVE-2025-0756
Overview The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. CWE-99 Description Hitachi Vantara Pentaho Data Integration & Analytics...
CVE-2025-0756
Overview The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. CWE-99 Description Hitachi Vantara Pentaho Data Integration &...
CVE-2025-0756
creationtimestamp | type | source
---|---|---
2025-04-16 22:57:42+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/12163
2025-04-17 00:48:20+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114350548547803347
2025-04-17 02:06:36+00:00 | seen | https://t.me/cvedetector/23199...
CVE-2025-0756 Hitachi Vantara Pentaho Data Integration & Analytics - Improper Control of Resource Identifiers ('Resource Injection')
Overview The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. CWE-99 Description Hitachi Vantara Pentaho Data Integration &...
CVE-2025-0756
Hitachi Vantara Pentaho Data Integration & Analytics versions prior to 10.2.0.2 (including 9.3.x and 8.3.x) do not restrict JNDI identifiers when creating platform data sources, enabling untrusted input to be used as resource identifiers. This can lead to access to, or modification of, sensitive ...
CVE-2024-0756
The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page...
CVE-2024-0756
CVE-2024-0756 concerns the WordPress plugin Insert or Embed Articulate Content into WordPress, affected through v4.3000000023. The issue stems from insufficient URL validation when adding iframes, enabling an attacker to inject an iframe and load arbitrary content from any page. Public references...
CVE-2024-0756 Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Iframe Injection
The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page...
Important: Red Hat Security Advisory: runc security update
An update for runc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
CVE-2023-0756
creationtimestamp | type | source
---|---|---
2023-05-04 02:36:39+00:00 | seen | https://t.me/cibsecurity/63271...
CVE-2023-0756
An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious cod...