617 matches found
CVE-2026-57798
CVE-2026-57798 affects the WordPress plugin NewsPlus Shortcodes (<= 4.2.0). The issue is described as an Improper Control of Filename for Include/Require Statement in PHP (PHP Remote File Inclusion) vulnerability that allows PHP Local File Inclusion (LFI) . Root cause: improper filename handli...
EUVD-2026-43063
Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0...
CVE-2026-13239
Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0...
CVE-2026-13239
Summary: CVE-2026-13239 describes a Missing Authorization vulnerability in WissKI, enabling forceful browsing via the wisski mirador submodule. Affected software: WissKI versions 0.0.0 through 4.2.0. Root cause (per documents): insufficient access checks when parameters are submitted through a ro...
PT-2026-56838
Name of the Vulnerable Software and Affected Versions libmbedtls23 affected versions not specified libeverest affected versions not specified Description Security issues were identified and subsequently fixed in the libmbedtls23 and libeverest packages within the openSUSE Tumbleweed GA media...
PT-2026-56845
Name of the Vulnerable Software and Affected Versions libmbedtls2 affected versions not specified libeverest affected versions not specified Description Security issues were identified and subsequently fixed in the libmbedtls23-4.2.0-1.1 and libeverest-3.6.7-1.1 packages on the GA media of openSU...
PT-2026-56849
Name of the Vulnerable Software and Affected Versions libmbedtls2 affected versions not specified libeverest affected versions not specified Description Security issues were identified in the libmbedtls2 and libeverest packages within the openSUSE Tumbleweed GA media. Recommendations Update...
OPENSUSE-SU-2026:11215-1 libmbedtls23-4.2.0-1.1 on GA media
These are all security issues fixed in the libmbedtls23-4.2.0-1.1 package on the GA media of openSUSE Tumbleweed...
EUVD-2026-37813
Steeltoe's sensitive actuators heapdump/env only require Restricted permission...
WordPress NewsPlus Shortcodes plugin <= 4.2.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin NewsPlus Shortcodes versions = 4.2.0...
CVE-2026-53550
js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...
UBUNTU-CVE-2026-53550
js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...
CVE-2026-53550 js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases
js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...
Cleartext Storage of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the process that handles service bindings from VCAPSERVICES containing TLS client credentials. An attacker can access sensitive private key material by reading temporary files created with...
Exposure of Resource to Wrong Sphere
Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the TokenKeyResolver function. An attacker can bypass authentication and gain unauthorized access by exploiting the shared static JWKS cache across multiple schemes, allowing a key fetched for one...
CVE-2026-50194
Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 are configured to listen on an alternate port Management:Endpoints:Port is configured, the...
CVE-2026-50194 Steeltoe vulnerable to management-port isolation bypass via spoofed Host header
Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. When Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 are configured to listen on an alternate port Management:Endpoints:Port is configured, the...
PT-2026-50568
Name of the Vulnerable Software and Affected Versions Steeltoe.Configuration.Encryption versions 4.0.0 through 4.1.0 Description Steeltoe is an open source project providing libraries for building cloud-native applications. An issue exists where configuring the encrypt:rsa:algorithm variable with...
Inefficient Algorithmic Complexity
Overview js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the storeMappingPair function in loader.js when handling repeated aliases in merge sequences. An attacker can exhaust CPU resources and...
Inefficient Algorithmic Complexity
Overview org.webjars.npm:js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the storeMappingPair function in loader.js when handling repeated aliases in merge sequences. An attacker can exhaust CPU...