
10 matches found

OSV
added 2026/03/24 5:22 p.m., 1 views

CVE-2026-33157 Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior

Craft CMS is a content management system (CMS). From version 5.6.0 to before version 5.9.13, a Remote Code Execution (RCE) vulnerability exists in Craft CMS; it can be exploited by any authenticated user with control panel access. This is a bypass of a previous fix. The existing patches add...

CVSS 8.6, AI score 5.8, EPSS 0.00101
Exploits 1, References 5
CVE
added 2026/03/16 7:4 p.m., 16 views

CVE-2026-32267

Craft CMS vulnerable to privilege escalation via UsersController->actionImpersonateWithToken. From 4.0.0-RC1 up to 4.17.5 and 5.0.0-RC1 up to 5.9.11, a low-privilege or unauthenticated user with a shared URL can escalate to admin. Patch versions: 4.17.6 and 5.9.12. CVSS 4.0 base score 9.2 (CRI...

CVSS 9.8, AI score 5.7, EPSS 0.00046
Exploits 1, References 2, Affected Software 1
Positive Technologies
added 2026/03/16 12:0 a.m., 4 views

PT-2026-25806

Name of the Vulnerable Software and Affected Versions: Craft CMS versions 4.0.0-RC1 through 4.17.5; Craft CMS versions 5.0.0-RC1 through 5.9.11. Description: Craft CMS contains a flaw in the UsersController->actionImpersonateWithToken function that allows a low-privilege user, or an unauthenticated us...

CVSS 9.8, AI score 5.8, EPSS 0.00046
Exploits 1, References 14
RedHat Linux
added 2025/03/05 1:15 p.m., 11 views

Moderate: Red Hat Security Advisory: Logging for Red Hat OpenShift - 5.9.12

Logging for Red Hat OpenShift - 5.9.12 logging-fluentd-container: Possible Log Injection in Rack::CommonLogger openshift-logging-5.9...

CVSS 7.1, AI score 7, EPSS 0.01039
Exploits 1, References 1
OpenVAS
added 2023/12/08 12:0 a.m., 14 views

strongSwan 5.3.x < 5.9.12 RCE Vulnerability

strongSwan is prone to a remote code execution (RCE) vulnerability...

CVSS 9.8, AI score 9.8, EPSS 0.05456
Exploits 0, References 1
OSV
added 2023/12/07 5:15 a.m., 4 views

AZL-35287 CVE-2023-41913 affecting package strongswan for versions less than 5.9.12-1

strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message...

CVSS 9.8, AI score 8.3, EPSS 0.05456
Exploits 0, References 1
AlpineLinux
added 2023/12/07 12:0 a.m., 25 views

CVE-2023-41913

strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message...

CVSS 9.8, AI score 10, EPSS 0.05456
Exploits 0
Cvelist
added 2021/02/02 6:30 p.m., 12 views

CVE-2021-23271 TIBCO EBX Cross Site Scripting (XSS)

The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX:...

CVSS 8, AI score 7.4, EPSS 0.00333
Exploits 0, References 2
Packet Storm
added 2017/01/04 12:0 a.m., 94 views

Atlassian Confluence 5.9.12 Cross Site Scripting

Tempest Security Intelligence - ADV-3/2016 CVE-2016-6283. Persisted Cross-Site Scripting (XSS) in Confluence Jira Software. Authors: Jodson Santos. Tempest Security Intelligence -...

AI score 6.4, EPSS 0.04154
Exploits 3
Exploit DB
added 2017/01/04 12:0 a.m., 87 views

Atlassian Confluence < 5.10.6 - Persistent Cross-Site Scripting

Tempest Security Intelligence - ADV-3/2016 CVE-2016-6283. Persisted Cross-Site Scripting (XSS) in Confluence Jira Software. Authors: Jodson Santos. Tempest Security Intelligence -...

CVSS 6.1, AI score 6.5, EPSS 0.04154
Exploits 3