25 matches found
OPENSUSE-SU-2026:21231-1 Security update for python-pydata-sphinx-theme
This update for python-pydata-sphinx-theme fixes the following issues: Changes in python-pydata-sphinx-theme: - CVE-2026-13676: fast-uri: failure to canonicalize Unicode/IDN hostnames for HTTP-family URLs allows for bypass bsc1269597 revendor the vendored tarball with updated versions...
SUSE CVE-2026-13676
fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...
CVE-2026-13676
creationtimestamp| type| source ---|---|--- 2026-06-29 13:33:30+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mpgm2jo5sk2k 2026-06-29 16:05:22+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpguk3mdpl2d 2026-07-10 16:44:21+00:00| seen|...
EUVD-2021-13676
Malware in sbrugna...
CVE-2024-13676 Categorized Gallery Plugin <= 2.0 - Authenticated (Contributor+) SQL Injection
The Categorized Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'field' attribute of the 'imagegallery' shortcode in all versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-13676
CVE-2024-13676 affects the WordPress plugin Categorized Gallery Plugin (
CVE-2024-13676 Categorized Gallery Plugin <= 2.0 - Authenticated (Contributor+) SQL Injection
The Categorized Gallery Plugin plugin for WordPress is vulnerable to SQL Injection via the 'field' attribute of the 'imagegallery' shortcode in all versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2019-13676
creationtimestamp| type| source ---|---|--- 2024-02-27 09:46:10+00:00| seen| https://t.me/ctinow/194150...
CVE-2020-13676
The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module which comes with the Standard profile is installed...
CVE-2020-13676
The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module which comes with the Standard profile is installed...
CVE-2020-13676
The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module which comes with the Standard profile is installed...
CVE-2020-13676
CVE-2020-13676 involves the Drupal QuickEdit module (Standard profile) failing to properly enforce access to fields, potentially leading to unintended disclosure of field data. The issue affects sites where QuickEdit is installed; the vulerability description indicates a partial confidentiality i...
CVE-2021-31511
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2021-31511
OpenText Brava! Desktop (Build 16.6.4.55) is affected. The vulnerability lies in PDF parsing where insufficient validation allows a write past the end of an allocated buffer, enabling remote code execution. Exploitation requires user interaction (visit a malicious page or open a malicious file). ...
CVE-2019-13676
Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page...
DEBIAN-CVE-2019-13676
Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page...
CVE-2019-13676
Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page...
CVE-2019-13676
CVE-2019-13676 affects Chromium/Google Chrome and is described as an error in a certificate warning, contributing to domain spoofing scenarios. Public sources in the connected docs tie this to the Chromium/Chrome 78 updates that fixed this issue (e.g., CVEs tracked in Fedora/Debian advisories). T...
Fedora 31 : chromium (2019-9a5e81214f)
Chromium update to 77.0.3865.120. For the upstream announcement see https://chromereleases.googleblog.com/2019/10/stable-channel-update-fo r-desktop.html. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...