108 matches found

NVD (added 2026/05/13 9:16 p.m., 6 views)

CVE-2026-39428

CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...

CVSS 4.8 | EPSS 0.00029 | Exploits: 0 | References: 1

Vulnrichment (added 2026/05/13 8:39 p.m., 5 views)

CVE-2026-39428 CubeCart: Stored Cross-Site Scripting (XSS)

CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...

CVSS 4.8 | AI score 5.8 | EPSS 0.00029 | Exploits: 0 | References: 1

Positive Technologies (added 2026/05/12 12:00 a.m., 9 views)

PT-2026-40265

Name of the Vulnerable Software and Affected Versions: FortiAuthenticator versions 8.0.0 through 8.0.2; FortiAuthenticator versions 6.6.0 through 6.6.8; FortiAuthenticator versions 6.5.0 through 6.5.6. Description: An improper access control issue in API endpoints allows an unauthenticated remote...

CVSS 10 | AI score 6.2 | EPSS 0.00108 | Exploits: 0 | References: 26

RedhatCVE (added 2026/05/06 8:21 p.m., 3 views)

CVE-2026-27960

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...

CVSS 9.8 | AI score 5.7 | EPSS 0.00084 | Exploits: 1 | References: 1

CVE (added 2026/05/05 6:35 p.m., 2 views)

CVE-2026-27960

OpenCTI suffers a privilege escalation in versions 6.6.0–6.9.12 that allows unauthenticated attackers to query the API as any existing user, including the default admin account. The issue has been fixed in version 6.9.13. As a temporary mitigation, the default admin can be disabled via APP__ADMIN...

CVSS 9.8 | AI score 5.7 | EPSS 0.00084 | Exploits: 1 | References: 1 | Affected Software: 1

Cvelist (added 2026/05/05 6:35 p.m., 28 views)

CVE-2026-27960 OpenCTI privilege escalation and unauthenticated access via default admin account

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...

CVSS 9.8 | EPSS 0.00084 | Exploits: 1 | References: 1

CNNVD (added 2026/05/05 12:00 a.m., 4 views)

OpenCTI authorization vulnerability

OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions 6.6.0 to 6.9.12 of OpenCTI have vulnerabilities related to authorization. Attackers can exploit these vulnerabilities to access the API as any existing user, including the default administrator account...

CVSS 9.8 | AI score 5.8 | EPSS 0.00084 | Exploits: 1 | References: 2

AstraLinux (added 2026/05/03 11:59 p.m., 3 views)

Astra Linux - vulnerability in bcel

Apache Commons BCEL includes several APIs that typically only allow modifying specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to generate arbitrary bytecode. This could lead to abuse in applications that send attacker-controllable data to tho...

CVSS 9.8 | AI score 6.9 | EPSS 0.03797 | Exploits: 0 | References: 1

NVD (added 2026/04/17 6:16 a.m., 1 view)

CVE-2026-21719

An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command...

CVSS 8.6 | EPSS 0.00253 | Exploits: 0 | References: 2

Vulnrichment (added 2026/04/17 4:33 a.m., 1 view)

CVE-2026-35496

A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible...

CVSS 5.1 | AI score 5.7 | EPSS 0.00067 | Exploits: 0 | References: 2

ATTACKERKB (added 2026/04/17 4:33 a.m., 1 view)

CVE-2026-35496

A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible...

CVSS 5.1 | AI score 5.8 | EPSS 0.00067 | Exploits: 0 | References: 3 | Affected Software: 1

CVE (added 2026/04/17 4:33 a.m., 4 views)

CVE-2026-34018

CubeCart

CVSS 9.8 | AI score 6.1 | EPSS 0.00034 | Exploits: 0 | References: 2 | Affected Software: 1

Cvelist (added 2026/04/17 4:33 a.m., 23 views)

CVE-2026-34018

An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product...

CVSS 6.3 | EPSS 0.00034 | Exploits: 0 | References: 2

Positive Technologies (added 2026/04/17 12:00 a.m., 2 views)

PT-2026-33409

An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product...

CVSS 6.3 | AI score 6.9 | EPSS 0.00034 | Exploits: 0 | References: 3

Snyk (added 2026/03/19 9:31 p.m., 1 view)

Uncontrolled Recursion

Overview: Scriban.Signed is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Affected versions of this package are vulnerable to Uncontrolled Recursion due to the...

CVSS 8.7 | AI score 5.9 | Exploits: 0 | References: 2

Snyk (added 2026/03/19 9:30 p.m., 1 view)

Uncontrolled Recursion

Overview: Scriban is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Today, not only can Scriban be used in text templating scenarios, but it can also ...

CVSS 8.7 | AI score 5.9 | Exploits: 0 | References: 2

EUVD (added 2026/03/11 3:31 p.m., 1 view)

EUVD-2026-11170

External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access...

CVSS 9.6 | AI score 5.8 | EPSS 0.00103 | Exploits: 0 | References: 2

Snyk (added 2026/02/28 12:14 a.m., 2 views)

Open Redirect

Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Open Redirect via the redirecttotarget function in the OAuth flow, which accepts an unvalidated targeturl query parameter. An attacker can redirect...

CVSS 5.3 | AI score 6 | EPSS 0.00013 | Exploits: 0 | References: 2

Snyk (added 2026/02/28 12:14 a.m., 2 views)

Server-side Request Forgery (SSRF)

Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the gr.load function. An attacker can access internal services, cloud metadata endpoints, and private networks b...

CVSS 8.6 | AI score 6 | EPSS 0.00018 | Exploits: 0 | References: 2

PyPA (added 2026/02/27 10:16 p.m., 4 views)

PYSEC-2026-63

Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g. gr.LoginButton) are used. When a user visi...

CVSS 5.9 | AI score 5.8 | EPSS 0.00029 | Exploits: 1 | References: 1 | Affected Software: 1