85 matches found
CVE-2026-3260 vulnerabilities
Vulnerabilities for packages: wildfly...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Undertow web server library
Summary: Due to use of the Undertow web server library, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service (DoS) vulnerability. Vulnerability Details: CVEID: CVE-2026-3260. DESCRIPTION: A flaw was found in Undertow. A remote attacker could exploit this...
CVE-2026-3260
creationtimestamp | type | source
---|---|---
2026-03-25 03:00:14+00:00 | seen | https://access.redhat.com/security/cve/CVE-2026-3260...
africa.absa:inception-application (>=1.0.0 <=1.2.0), app.fmgp:scala-did-docs_3 (>=0.1.0-M16 <=0.1.0-M33) +4528 more potentially affected by CVE-2026-3260 via io.undertow:undertow-core (>=1.0.0.Alpha1 <=2.4.0.Alpha1)
io.undertow:undertow-core MAVEN version =1.0.0.Alpha1, =1.0.0, =0.1.0-M16, =0.5.0, =0.10.0, =0.0.1, =1.0.0, =1.0.6, =1.0.6, =1.0.6, =2.0.1, =1.0.6, =1.0.6, =2.1.1 and more Source cves: CVE-2026-3260 Source advisory: OSV:GHSA-3X3V-W654-M28M...
africa.absa:inception-application (>=1.0.0 <=1.2.0), app.fmgp:scala-did-docs_3 (>=0.1.0-M16 <=0.1.0-M33) +3536 more potentially affected by CVE-2026-3260 via io.undertow:undertow-core (>=2.0.0.Alpha1 <=2.4.0.Alpha1)
io.undertow:undertow-core MAVEN version =2.0.0.Alpha1, =1.0.0, =0.1.0-M16, =0.5.0, =0.10.0, =0.0.1, =1.0.0, =1.0.6, =1.0.6, =1.0.6, =2.0.1, =1.0.6, =1.0.6, =2.1.1 and more Source cves: CVE-2026-3260 Source advisory: SNYK:JAVA-IOUNDERTOW-15809269...
DEBIAN-CVE-2026-3260
A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like getParameterMap, the server prematurely parses and stores this content to...
CVE-2026-2564
A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. Affected by this vulnerability is an unknown functionality of the file /OutsideCmd. The manipulation results in weak password recovery. It is possible to launch the attack remotely. Attacks of this nature are highly...
CVE-2026-2564 Intelbras VIP 3260 Z IA OutsideCmd password recovery
A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. Affected by this vulnerability is an unknown functionality of the file /OutsideCmd. The manipulation results in weak password recovery. It is possible to launch the attack remotely. Attacks of this nature are highly...
CVE-2026-2564
The CVE-2026-2564 entry affects Intelbras VIP 3260 Z IA (2.840.00IB005.0.T). The vulnerability concerns an unknown functionality in the /OutsideCmd file, enabling weak password recovery and permitting remote exploitation. Exploitation is described across sources as remote, with high complexity an...
Intelbras VIP 3260 Z IA Authorization Issue Vulnerability
The Intelbras VIP 3260 Z IA is an IP surveillance camera produced by the Brazilian company Intelbras. Version 2.840.00IB005.0.T of the Intelbras VIP 3260 Z IA has an authorization issue vulnerability. This vulnerability stems from incorrect handling of the file /OutsideCmd, which may lead to the...
PT-2026-8305
Name of the Vulnerable Software and Affected Versions: Intelbras VIP 3260 Z IA version 2.840.00IB005.0.T. Description: A security flaw exists in Intelbras VIP 3260 Z IA, impacting an unknown functionality within the /OutsideCmd file. This flaw allows for weak password recovery and remote attack...
CVE-2017-3260 vulnerabilities
Vulnerabilities for packages: openjdk-17-openj9, openjdk-11-openj9, openjdk-26-openj9, openjdk-21-openj9, openjdk-25-openj9, openjdk-8-openj9...
RockyLinux 8 : kernel (RLSA-2025:3260)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:3260 advisory. kernel: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785). Tenable has extracted the preceding description block directly from the...
Grafana Labs < 11.6.1+security-01 Authorization Bypass (CVE-2025-3260)
The version of Grafana Labs installed on the remote host is affected by a vulnerability as referenced in the CVE-2025-3260 advisory. Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could...
CVE-2025-3260
A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...
CVE-2010-3260
oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaratio...
CVE-2025-3260
A flaw was found in Grafana. This vulnerability allows users with Viewer or Editor roles to access or modify dashboards without proper permissions. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...