12988 matches found
CVE-2026-13199
EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...
EUVD-2026-42015
Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...
CVE-2026-13245
The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: kaf, gitlab-workhorse-ce-fips, kubernetes, argo-workflows, rancher, zarf-fips, omnictl-multiarch-fips, flux-fips, tigera-operator, telegraf, prometheus-operator, kubevela-fips, kyverno-fips, minio-fips, knative-serving, istio, nemo, trivy-operator,...
CVE-2026-9698 affecting package perl-DBI for versions less than 1.643-5
CVE-2026-9698 affecting package perl-DBI for versions less than 1.643-5. A patched version of the package is available...
CVE-2026-8643 affecting package python-virtualenv for versions less than 20.36.1-5
CVE-2026-8643 affecting package python-virtualenv for versions less than 20.36.1-5. A patched version of the package is available...
EUVD-2026-36540
parse-server: Endpoints /login and /verifyPassword disclose MFA secrets and protected fields when User get is denied...
Siemens SIPROTEC 5 Small Space of Random Values (CVE-2024-54017)
Affected devices do not use sufficiently random values to create session identifiers. This could allow an unauthenticated remote attacker to brute force a session identifier and gain read access to limited information from the web server without authorization. This plugin only works with...
CVE-2024-27928
CVE-2024-27928 (Vantage6) describes a vulnerability in Vantage6 prior to 5.0.0 where an attacker with access to a user’s email can first reset the account password, then reset the 2FA token via email, effectively reducing 2FA to 1FA. This is tied to emails being used as a recovery vector and reli...
CVE-2026-53606
ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 use allowedSchemesAppliedToAttributes default: 'href', 'src', 'cite' to gate the naughtyHref function that blocks...
SUSE CVE-2026-11850
An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...
PT-2026-48961
Name of the Vulnerable Software and Affected Versions Parse Server versions 9.8.0 through 9.9.1-alpha.4 Description Applications that enable Multi-Factor Authentication MFA and restrict the get permission on the User class via Class-Level Permissions CLP may expose sensitive user data. The issue...
Critical Photon OS Security Update - PHSA-2026-5.0-0876
Updates of 'bindutils' packages of Photon OS have been released...
QNAP file station 缓冲区错误漏洞
QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. QNAP Systems File Station 5 has a security vulnerability that stems from a buffer overflow issue. This vulnerability could allow remote attackers to modify memory after obtaining...
PT-2026-48372
Name of the Vulnerable Software and Affected Versions File Station 5 versions prior to 5.5.6.5208 Description A buffer overflow occurs when a program writes more data to a memory buffer than it can hold, potentially overwriting adjacent memory. A remote attacker with a user account can exploit th...
Anthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe’ Version for the Rest of You
Anthropic is releasing Claude Mythos 5 to trusted organizations and Claude Fable 5 to the public, a version it says can’t be used for cyberattacks...
CVE-2026-49975 affecting package nginx for versions less than 1.28.3-5
CVE-2026-49975 affecting package nginx for versions less than 1.28.3-5. A patched version of the package is available...
CVE-2026-7790 affecting package rabbitmq-server for versions less than 3.13.7-5
CVE-2026-7790 affecting package rabbitmq-server for versions less than 3.13.7-5. A patched version of the package is available...
CVE-2026-29181 affecting package ignition-flatcar for versions less than 2.22.0-5
CVE-2026-29181 affecting package ignition-flatcar for versions less than 2.22.0-5. A patched version of the package is available...
CVE-2026-43968 affecting package rabbitmq-server for versions less than 3.13.7-5
CVE-2026-43968 affecting package rabbitmq-server for versions less than 3.13.7-5. A patched version of the package is available...