23 matches found
CVE-2026-14794
A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...
CVE-2026-14793
A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...
CVE-2026-14794 Craft CMS Charts Endpoint ChartsController.php actionGetNewUsersData improper authorization
A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...
CVE-2026-14794
A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...
CVE-2026-14794
Craft CMS vulnerability CVE-2026-14794 affects the Charts Endpoint (ChartsController.php, actionGetNewUsersData). The issue arises from input manipulation of userGroupId causing improper authorization, enabling a remote attack. Affected versions are Craft CMS up to 4.18.0.1; a fix is available in...
EUVD-2026-41804
A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...
Critical: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18.1 for Spring Boot release.
Red Hat build of Apache Camel 4.18.1 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
EUVD-2026-25806
The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...
Apache Camel 安全漏洞
Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern, and routing and mediation rules are configured through...
Arbitrary Code Injection
Overview lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Arbitrary Code Injection due the improper validation of options.imports key names in .template. An attacker can execute arbitrary code at templa...
Arbitrary Code Injection
Overview lodash-amd is a Lodash exported as AMD modules. Affected versions of this package are vulnerable to Arbitrary Code Injection due the improper validation of options.imports key names in .template. An attacker can execute arbitrary code at template compilation time by injecting malicious...
Arbitrary Code Injection
Overview lodash.template is a The Lodash method .template exported as a Node.js module. Affected versions of this package are vulnerable to Arbitrary Code Injection due the improper validation of options.imports key names in .template. An attacker can execute arbitrary code at template compilatio...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003365)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003365 advisory. arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks...
Improper Validation of Specified Quantity in Input
Overview pocketmine/pocketmine-mp is a highly customisable, open source server software for Minecraft: Bedrock Edition written in PHP Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via improper validation in the handleNormalTransaction...
CVE-2023-7332
PocketMine-MP versions prior to 4.18.1 contain an improper input validation vulnerability in inventory transaction handling. A remote attacker with a valid player session can request that the server drop more items than are available in the player's hotbar, triggering a server crash and resulting...
EUVD-2025-4517
Malicious code in bioql PyPI...
SUSE CVE-2025-27088
oxyno-zeta/s3-proxy is an aws s3 proxy written in go. In affected versions a Reflected Cross-site Scripting XSS vulnerability enables attackers to create malicious URLs that, when visited, inject scripts into the web application. This can lead to session hijacking or phishing attacks on a trusted...
CVE-2025-27088
The CVE-2025-27088 issue affects oxyno-zeta/s3-proxy (Go) and is caused by rendering the Request.URL.Path into HTML in the folder-list template without proper sanitization, enabling reflected XSS via crafted URLs. Public advisories state that affected versions are vulnerable to script injection, ...
Fedora: Security Advisory (FEDORA-2023-8892fc09e9)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPENSUSE-SU-2024:12831-1 ctdb-4.18.1+git.298.4ccf830b2a4-1.1 on GA media
These are all security issues fixed in the ctdb-4.18.1+git.298.4ccf830b2a4-1.1 package on the GA media of openSUSE Tumbleweed...