11418 matches found
CVE-2026-22734 - UAA SAML 2.0 Signature Bypass | Cloud Foundry
Severity 8.8 / High CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N 8.6 / HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Vendor CloudFoundry Foundation Description Cloud Foundry UAA versions v77.21.0 through v78.8.0 are vulnerable to a bypass that allows an attacker to obtain a...
Security Bulletin: IBM WebSphere Application Server Liberty is affected by server-side request forgery (CVE-2026-1561)
Summary IBM WebSphere Application Server Liberty is affected by server-side request forgery with the samlWeb-2.0 feature enabled. Vulnerability Details CVEID:CVE-2026-1561 DESCRIPTION: IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery SSRF. This may allow remot...
Security Bulletin:IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-14917)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security when administering security settings with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability (CVE-2026-1561)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability with the samlWeb-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes secti...
@tinacms/app (>=0.0.0-0a1049d-20260309051347 <=2.4.0), @tinacms/cli (>=0.0.0-0a1049d-20260309051347 <=2.2.0) +4 more potentially affected by CVE-2026-34603 via @tinacms/graphql (>=2.0.0 <=2.2.1)
@tinacms/graphql NPM version =2.0.0, =0.0.0-0a1049d-20260309051347, =0.0.0-0a1049d-20260309051347, =2.0.0, =0.0.0-0b7103c-20251216023146, =0.0.0-0a1049d-20260309051347, =0.0.0-0a1049d-20260309051347, =3.7.0 Source cves: CVE-2026-34603 Source advisory: SNYK:JS-TINACMSGRAPHQL-15870346...
CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-33343)
The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-33343 advisory. - etcd is a distributed key-value store for the data of a distributed system. Prior to versions...
CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-33413)
The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-33413 advisory. - etcd is a distributed key-value store for the data of a distributed system. Prior to versions...
CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2025-69720)
The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-69720 advisory. - The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow...
CVE-2024-44722
SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd...
CVE-2026-2496 Ed's Font Awesome <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Ed's Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edsfontawesome shortcode in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
appscanstandard-integration:ibm-security-appscanstandard-scanner (>=1.0 <=2.8), au.com.versent.jenkins.plugins:ignore-committer-strategy (>=55.v51410e712e0c <=57.v0756db_b_f6926) +668 more potentially affected by CVE-2026-33001 via org.jenkins-ci.main:jenkins-core (>=2.0 <=2.554)
org.jenkins-ci.main:jenkins-core MAVEN version =2.0, =1.0, =55.v51410e712e0c, =4.1.0.506.v619d63bec9d8, =66.v12c841920f7d, =109.v2c51a117a7b4, =1.155.v3d884c1bdee1, =1.281.v331e3f5a05a9, =4050.v8ba69b587c39, =4050.v8ba69b587c39, =1.0.5, =2.0.0, =2.0, =1.0.2, =1.0.0, =1.0.6 and more Source...
EulerOS 2.0 SP11 : haproxy (EulerOS-SA-2026-1580)
According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON...
EulerOS 2.0 SP12 : util-linux (EulerOS-SA-2026-1383)
According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the...
EulerOS 2.0 SP12 : net-snmp (EulerOS-SA-2026-1375)
According to the versions of the net-snmp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp...
EulerOS 2.0 SP10 : libtasn1 (EulerOS-SA-2026-1343)
According to the versions of the libtasn1 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in...
EulerOS 2.0 SP10 : python-urllib3 (EulerOS-SA-2026-1322)
According to the versions of the python-urllib3 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by...
EulerOS 2.0 SP12 : python-ldap (EulerOS-SA-2026-1377)
According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method...
EulerOS 2.0 SP10 : libarchive (EulerOS-SA-2026-1340)
According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file tar/subst.c when processing crafted -s...
EulerOS 2.0 SP10 : rsync (EulerOS-SA-2026-1349)
According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array...
EulerOS 2.0 SP11 : ruby (EulerOS-SA-2026-1593)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fi...