CVE-2026-42051 Kirby: System API endpoint leaks license data and installed version to authenticated users
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0...
CVE-2026-30496
The Optoma CinemaX P2 projector firmware (TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports both reading configuration (74 endpoints) and writing/modifying settings including volume, mute,...
CVE-2026-8115
A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The...
CVE-2025-69691
Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.execphp. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code...
GHSA-P9H5-JM8X-MJM5 vulnerabilities
Vulnerabilities for packages: containerd, external-dns, rabbitmq-cluster-operator, teleport, istio, conftest, tkn, cilium-certgen, kubernetes, nfpm, hubble, tekton-chains, buildah, grafana-alloy, opencost, skopeo, atlantis, goreleaser, undock, cluster-autoscaler, kubernetes-dashboard, prometheus,...
GHSA-QC64-M6C2-V4X7 vulnerabilities
Vulnerabilities for packages: sftpgo-plugin-auth, authservice, containerd, external-dns, rabbitmq-cluster-operator, teleport, gosu, tw, mods, configmap-reload, renovate, istio, apko, gcp-compute-persistent-disk-csi-driver, prometheus-pushgateway, terraform-provider-acme, sops, haproxy-ingress,...
GHSA-2283-WF8C-RW8R vulnerabilities
Vulnerabilities for packages: sftpgo-plugin-auth, authservice, containerd, external-dns, rabbitmq-cluster-operator, teleport, istio, apko, gcp-compute-persistent-disk-csi-driver, prometheus-pushgateway, terraform-provider-acme, sops, conftest, tkn, terraform-provider-pagerduty, step,...
CVE-2026-42501 vulnerabilities
Vulnerabilities for packages: sftpgo-plugin-auth, authservice, containerd, external-dns, rabbitmq-cluster-operator, teleport, gosu, tw, mods, configmap-reload, renovate, istio, apko, gcp-compute-persistent-disk-csi-driver, prometheus-pushgateway, terraform-provider-acme, sops, haproxy-ingress,...
CVE-2026-39823 vulnerabilities
Vulnerabilities for packages: sftpgo-plugin-auth, authservice, containerd, external-dns, rabbitmq-cluster-operator, teleport, istio, apko, gcp-compute-persistent-disk-csi-driver, prometheus-pushgateway, terraform-provider-acme, sops, conftest, tkn, terraform-provider-pagerduty, step,...
CVE-2026-39817 vulnerabilities
Vulnerabilities for packages: sftpgo-plugin-auth, authservice, containerd, external-dns, rabbitmq-cluster-operator, teleport, gosu, tw, mods, configmap-reload, renovate, istio, apko, gcp-compute-persistent-disk-csi-driver, prometheus-pushgateway, terraform-provider-acme, sops, haproxy-ingress,...
GHSA-XQ5J-9R39-C3VF vulnerabilities
Vulnerabilities for packages: containerd, external-dns, rabbitmq-cluster-operator, teleport, istio, conftest, tkn, cilium-certgen, kubernetes, nfpm, hubble, tekton-chains, buildah, grafana-alloy, opencost, skopeo, atlantis, goreleaser, undock, cluster-autoscaler, kubernetes-dashboard, prometheus,...
CVE-2026-39820 vulnerabilities
Vulnerabilities for packages: containerd, external-dns, rabbitmq-cluster-operator, teleport, istio, conftest, tkn, cilium-certgen, kubernetes, nfpm, hubble, tekton-chains, buildah, grafana-alloy, opencost, skopeo, atlantis, goreleaser, undock, cluster-autoscaler, kubernetes-dashboard, prometheus,...
GHSA-QF3Q-3H68-MMH2 vulnerabilities
Vulnerabilities for packages: sftpgo-plugin-auth, authservice, containerd, external-dns, rabbitmq-cluster-operator, teleport, gosu, tw, mods, configmap-reload, renovate, istio, apko, gcp-compute-persistent-disk-csi-driver, prometheus-pushgateway, terraform-provider-acme, sops, haproxy-ingress,...
CVE-2026-42499 vulnerabilities
Vulnerabilities for packages: containerd, external-dns, rabbitmq-cluster-operator, teleport, istio, conftest, tkn, cilium-certgen, kubernetes, nfpm, hubble, tekton-chains, buildah, grafana-alloy, opencost, skopeo, atlantis, goreleaser, undock, cluster-autoscaler, kubernetes-dashboard, prometheus,...
CVE-2026-39836 vulnerabilities
Vulnerabilities for packages: sftpgo-plugin-auth, authservice, containerd, external-dns, rabbitmq-cluster-operator, teleport, mods, configmap-reload, istio, apko, gcp-compute-persistent-disk-csi-driver, prometheus-pushgateway, terraform-provider-acme, sops, haproxy-ingress, conftest,...
Kirby security vulnerability
Kirby is a set of open-source content management systems based on files. Versions of Kirby prior to 4.9.0 and 5.4.0 have security vulnerabilities. These vulnerabilities stem from insufficient checks for consistency in permissions for functions like Panel and REST API’s pages.access/list and...
PT-2026-39406
Plainpad is a self-hosted note-taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/users/id. The endpoint directly persists the admin attribute from user input, and the escalated accou...
Important: java-21-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalV...
Important: java-17-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalV...
CVE-2026-41432
New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.12.10, a vulnerability exists in the Stripe webhook handler that allows an unauthenticated attacker to forge webhook events and credit arbitrary quota to their account without...