CVE-2026-48877 WordPress GenerateBlocks plugin <= 2.1.0 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Tom GenerateBlocks allows Retrieve Embedded Sensitive Data. This issue affects GenerateBlocks: from n/a through 2.1.0...

WordPress plugin GenerateBlocks 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVE-2026-43827

CVE-2026-43827 affects Apache Shiro. In affected versions (1.0–2.1.0 and 3.0.0-alpha-1), an existing session is not invalidated nor a new session with a new ID issued after login, enabling session fixation. Upgraded fixes are available in 2.1.1 and 3.0.0-alpha-2 or later; apply the patch to mitig...

PT-2026-43118

Name of the Vulnerable Software and Affected Versions Apache Shiro versions 1.0 through 2.1.0 Apache Shiro version 3.0.0-alpha-1 Description Default configurations contain a session fixation issue. In the affected versions, when a session already exists, it is not invalidated upon successful logi...

CVE-2026-44063

An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted filter input...

CVE-2026-44074

Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker to cause a minor service disruption via conditions that trigger incorrect error-handling paths...

CVE-2026-44068

Incomplete sanitization of extended attribute EA path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to files outside the intended metadata namespace via crafted EA names...

CVE-2026-44067

Summary: CVE-2026-44067 affects Netatalk 2.1.0 through 4.4.2, where an EA (extended attribute) header parsing heap over-read can allow a remote, network-accessible attacker to cause information disclosure or a minor service disruption. The issue is fixed in Netatalk 4.5.0. Affected component/vers...

CVE-2026-44067 EA header parsing heap over-read

A heap over-read in extended attribute EA header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data...

CVE-2026-44063

Netatalk LDAP filter injection vulnerability affects Netatalk 2.1.0–4.4.2. The flaw allows manipulation of LDAP queries (via crafted filter input) that could disclose limited information or modify LDAP entries. Root cause: insecure LDAP filter handling. Impact is limited to affected versions; rem...

CVE-2026-44052

CVE-2026-44052 affects Netatalk versions 2.1.0 through 4.4.2, where ldap simple-bind passwords are exposed in log output. The underlying issue is log exposure of LDAP credentials, enabling an attacker with log access to obtain credentials. The vulnerability is fixed in Netatalk 4.4.3. As per the ...

CVE-2026-44052 LDAP simple-bind password exposure in log output

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

Netatalk 路径遍历漏洞

Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.1.0 to 4.4.2 of Netatalk contained a path traversal vulnerability. This vulnerability stemmed from incomplete cleanup of...

PT-2026-42419

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.1.0 through 4.4.2 Description An LDAP injection allows a remote authenticated attacker to manipulate LDAP queries. By providing crafted filter input, an attacker can obtain limited information or modify LDAP entries. LDAP...

SUSE CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

CVE-2026-44312 css_parser allows to MITM included https css urls

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

Ruby CSS Parser 信任管理问题漏洞

Ruby CSS Parser is an open-source tool developed by premailer, used for loading, parsing, and cascading CSS rule sets. Versions of Ruby CSS Parser prior to 2.1.0 and 1.22.0 had a trust management vulnerability. This vulnerability stemmed from unvalidated HTTPS connections, where connections were...

CVE-2026-42452

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT temptoken for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow...