72 matches found

vulnersOsv
added 2026/03/29 3:22 p.m., 6 views

@burger-editor/blocks (>=4.0.0-alpha.1 <=4.0.0-alpha.7), @burger-editor/client (>=4.0.0-alpha.1 <=4.0.0-alpha.7) +4 more potentially affected by unknown CVE via trix (>=2.0.10 <=2.1.15)

trix NPM version =2.0.10, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.1, =4.0.0-alpha.5, =4.0.0-alpha.1, =1.0.1, =1.0.3 Source cves: unknown CVE Source advisory: SNYK:JS-TRIX-15813061...

5.8 AI score
Exploits: 0
RedhatCVE
added 2026/03/26 2:59 p.m., 0 views

CVE-2026-31801

zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot’s dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the t...

7.7 CVSS, 5.8 AI score, 0.00044 EPSS
Exploits: 1, References: 1
SUSE CVE
added 2026/03/11 4:15 p.m., 0 views

SUSE CVE-2026-31801

zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot's dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the t...

7.7 CVSS, 5.8 AI score, 0.00044 EPSS
Exploits: 1, References: 4
EUVD
added 2026/03/10 11:44 p.m., 1 views

EUVD-2026-10890

zot’s create-only policy allows overwrite attempts of existing latest tag (update permission not required)...

7.7 CVSS, 5.8 AI score, 0.00044 EPSS
Exploits: 1, References: 3
Snyk
added 2026/03/10 11:44 p.m., 2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DistSpecAuthzHandler process. An attacker can overwrite an existing latest tag without the required update permission by exploiting the authorization logic that incorrectly treats overwrite attempts as...

8.3 CVSS, 5.8 AI score, 0.00044 EPSS
Exploits: 1, References: 2
Snyk
added 2026/03/10 11:44 p.m., 1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DistSpecAuthzHandler process. An attacker can overwrite an existing latest tag without the required update permission by exploiting the authorization logic that incorrectly treats overwrite attempts as...

8.3 CVSS, 5.8 AI score, 0.00044 EPSS
Exploits: 1, References: 2
NVD
added 2026/03/10 9:16 p.m., 1 views

CVE-2026-31801

zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot’s dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the t...

7.7 CVSS, 0.00044 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2026/03/10 8:54 p.m., 0 views

CVE-2026-31801 zot create-only policy allows overwrite attempts of existing latest tag (update permission not required)

zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot’s dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the t...

7.7 CVSS, 5.8 AI score, 0.00044 EPSS
Exploits: 1, References: 1
OSV
added 2026/03/10 8:54 p.m., 1 views

CVE-2026-31801 zot create-only policy allows overwrite attempts of existing latest tag (update permission not required)

zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot’s dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the t...

7.7 CVSS, 5.8 AI score, 0.00044 EPSS
Exploits: 1, References: 3
CVE
added 2026/03/10 8:54 p.m., 4 views

CVE-2026-31801

Summary: CVE-2026-31801 affects zot, an OCI distribution registry, where the dist-spec authorization middleware misclassifies PUT /v2/{name}/manifests/{reference} as create and only switches to update when the tag exists and reference != "latest". As a result, a user allowed to create (but not u...

7.7 CVSS, 5.8 AI score, 0.00044 EPSS
Exploits: 1, References: 1, Affected Software: 1
Positive Technologies
added 2026/03/10 12:0 a.m., 2 views

PT-2026-24461

Name of the Vulnerable Software and Affected Versions zot versions 1.3.0 through 2.1.14 Description zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. The dist-spec authorization middleware incorrectly infers the required action for PUT...

9.9 CVSS, 7.1 AI score, 0.07313 EPSS
Exploits: 68, References: 135
Tenable Nessus
added 2026/01/16 12:0 a.m., 1 views

MiracleLinux 7 : mailman-2.1.15-26.el7.1 (AXSA:2018-2615:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-2615:01 advisory. mailman: Cross-site scripting XSS vulnerability in web UI CVE-2018-5950 Tenable has extracted the preceding description block directly from the MiracleLinux...

6.1 CVSS, 7.1 AI score, 0.01715 EPSS
Exploits: 3, References: 2
RedhatCVE
added 2026/01/13 10:53 p.m., 0 views

CVE-2025-14574

The weDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.15 via the /wp-json/wp/v2/docs/settings REST API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including third party services API ke...

5.3 CVSS, 6 AI score, 0.00021 EPSS
Exploits: 0, References: 1
Patchstack
added 2026/01/08 10:31 p.m., 4 views

WordPress weDocs plugin <= 2.1.15 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by DityaRA in WordPress Plugin weDocs versions <= 2.1.15...

5.3 CVSS, 6.9 AI score, 0.00021 EPSS
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2025/12/31 12:0 a.m., 4 views

WordPress IDonate - Blood Donation, Request And Donor Management System plugin <= 2.1.15 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability

WordPress IDonate - Blood Donation, Request And Donor Management System plugin = 2.1.15 - Missing Authorization to Unauthenticated Arbitrary Post Deletion vulnerability discovered by Varakorn Chanthasri iCreaM in WordPress Plugin IDonate versions = 2.1.14...

5.3 CVSS, 5.5 AI score, 0.00078 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2025/12/09 10:4 p.m., 14 views

CVE-2025-36437

CVE-2025-36437 affects IBM Planning Analytics Local (IBM Planning Analytics Workspace) versions 2.1.0–2.1.15. The vulnerability allows disclosure of sensitive information about server architecture (CWE-209: Generation of Error Message Containing Sensitive Information), with CVSS v3.1 base score 4...

4.3 CVSS, 5.9 AI score, 0.0003 EPSS
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2025/12/09 4:18 p.m., 1 views

CVE-2025-67583

Missing Authorization vulnerability in ThemeAtelier IDonate idonate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonate: from n/a through = 2.1.15...

5.3 CVSS, 5.8 AI score, 0.00038 EPSS
Exploits: 0, References: 1
NVD
added 2025/12/09 4:18 p.m., 1 views

CVE-2025-67583

Missing Authorization vulnerability in Foysal Imran IDonate idonate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonate: from n/a through = 2.1.15...

5.3 CVSS, 0.00038 EPSS
Exploits: 0, References: 1
IBM Security Bulletins
added 2025/12/09 2:24 p.m., 6 views

Security Bulletin: IBM Planning Analytics Local is vulnerable to disclosing sensitive information (CVE-2025-36437)

Summary A sensitive information disclosure vulnerability was addressed in the File manager component of IBM Planning Analytics Local - IBM Planning Analytics Workspace 2.1.16. Vulnerability Details CVEID:CVE-2025-36437 DESCRIPTION: IBM Planning Analytics Local could disclose sensitive information...

4.3 CVSS, 5.7 AI score, 0.0003 EPSS
Exploits: 0, Affected Software: 5
Positive Technologies
added 2025/12/09 12:0 a.m., 3 views

PT-2025-49957

Name of the Vulnerable Software and Affected Versions IDonate versions through 2.1.15 Description A missing authorization issue exists in ThemeAtelier IDonate, allowing exploitation of incorrectly configured access control security levels. Recommendations Update IDonate to a version greater than...

5.3 CVSS, 6.5 AI score, 0.00038 EPSS
Exploits: 0, References: 4