10155 matches found
CVE-2026-6530
DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
yggdrasil security update
0.4.8-4 - Bump release for rebuild...
CentOS 9 : sudo-1.9.17p2-4.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the sudo-1.9.17p2-4.el9 build changelog. - Privilege escalation due to failure in privilege drop calls CVE-2026-35535 Note that Nessus has not tested for this issue but has instead relied...
CVE-2025-62104 WordPress ACF Galerie 4 plugin <= 1.4.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACF Galerie 4: from n/a through 1.4.2...
WordPress ACF Galerie 4 plugin <= 1.4.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin ACF Galerie 4 versions = 1.4.2...
CVE-2026-41130 Craft CMS has a host header injection leading to SSRF via resource-js endpoint
Craft CMS is a content management system CMS. In versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14, the resource-js endpoint in Craft CMS allows unauthenticated requests to proxy remote JavaScript resources. When trustedHosts is not explicitly restricted default...
Photon OS 4.0: Openssl PHSA-2026-4.0-0993
An update of the openssl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0993. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
CVE-2025-67030 affecting package plexus-utils for versions less than 3.3.0-4
CVE-2025-67030 affecting package plexus-utils for versions less than 3.3.0-4. A patched version of the package is available...
Important: Red Hat Security Advisory: HawtIO 4.3.1 for Red Hat build of Apache Camel 4 Release and security update.
HawtIO 4.3.1 for Red Hat build of Apache Camel 4 GA Release is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update ...
CVE-2019-25695
R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the...
CVE-2026-40188
goshs is a Go-based SimpleHTTPServer. From 1.0.7 to before 2.0.0-beta.4, the SFTP rename logic sanitizes only the source path, not the destination, allowing writes outside the root directory of the SFTP. This could enable writing outside the intended sandbox. The issue is fixed in 2.0.0-beta.4 . ...
PT-2026-32005
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offline changes endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON content...
EUVD-2026-20484
CI4MS has stored XSS via Unescaped Blacklist Note in Admin User List...
EUVD-2026-20483
CI4MS has stored XSS via srcdoc attribute bypass in Google Maps iframe setting...
CVE-2026-25645 affecting package python-requests for versions less than 2.31.0-4
CVE-2026-25645 affecting package python-requests for versions less than 2.31.0-4. A patched version of the package is available...
CVE-2026-34569
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog categories. An attacker can injec...
CVE-2026-33950
SignalK server (signalk-server) is affected. Before version 2.24.0-beta.4, there is a privilege escalation via Admin Role Injection through /enableSecurity. An unauthenticated attacker can gain full Administrator access to the server, potentially modifying vessel routing data, server configuratio...
CVE-2026-33950 signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time...
CVE-2026-33950
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time...
CVE-2026-33950 signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity. An unauthenticated attacker can gain full Administrator access to the SignalK server at any time...