Lucene search
558 matches found

EUVD
added yesterday | 5 views

EUVD-2026-34208

Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations...

8.5 CVSS | 5.8 AI score | 0.00011 EPSS
Exploits 0 | References 1

Github Security Blog
added 2026/05/27 5:23 p.m. | 13 views

Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions

TL;DR This vulnerability affects all Kirby sites that restrict the visibility of users for certain roles via the users.access or users.list permissions. A site is affected if users of a particular role are not allowed to see other users in the Panel, for example because the role's blueprint sets...

5.6 AI score
Exploits 0 | References 4 | Affected Software 1

Positive Technologies
added 2026/05/26 12:0 a.m. | 5 views

PT-2026-43161

The GDPR cookies module for Backdrop CMS before 1.x-1.3.5 doesn't sufficiently protect visitors from Cross Site Scripting (XSS) if a malicious value has been provided for the optional 'Info content' field for the YouTube service. This is mitigated by the fact that an attacker must have a role with...

1.8 CVSS | 5.7 AI score | 0.00057 EPSS
Exploits 0 | References 1

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in zabbix

When exporting media types, the passwords are exported in plain text within the YAML file. This appears to be a best practices issue and may not actually have any significant impact. The user must have permissions to access the media types, and therefore it is expected that they will have access ...

2.7 CVSS | 5.8 AI score | 0.00067 EPSS
Exploits 0 | References 2

CVE
added 2026/05/12 10:51 a.m. | 11 views

CVE-2026-32684

Technical details are not publicly available in the provided documents. Monitor for updates.

2.9 CVSS | 5.8 AI score | 0.0004 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/05/12 12:0 a.m. | 5 views

PT-2026-40005

The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information...

2.9 CVSS | 5.8 AI score | 0.0004 EPSS
Exploits 0 | References 2

CNNVD
added 2026/04/16 12:0 a.m. | 6 views

SilverStripe Assets Module security vulnerability

The SilverStripe Assets Module is an asset component of the SilverStripe framework developed by the New Zealand-based company SilverStripe. Versions of the SilverStripe Assets Module prior to 2.4.5, as well as versions 3.0.0-rc1 to 3.1.2, contained security vulnerabilities. These vulnerabilities...

5.3 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits 0 | References 2

CNNVD
added 2026/04/14 12:0 a.m. | 3 views

MCPHub security vulnerability

MCPHub is a server management tool developed by Samanhappy as an individual project. Versions of MCPHub prior to 0.11.0 contained security vulnerabilities. These vulnerabilities stemmed from authentication bypasses, allowing unauthenticated attackers to execute operations under the identities of...

5.3 CVSS | 5.9 AI score | 0.00246 EPSS
Exploits 0 | References 2

CNNVD
added 2026/04/08 12:0 a.m. | 2 views

InvenTree authorization issue vulnerability

InvenTree is an open-source inventory management system developed by InvenTree. It provides robust low-level inventory control and parts tracking capabilities. Versions of InvenTree prior to 1.2.7 and 1.3.0 contained authorization vulnerabilities. These vulnerabilities stemmed from improper...

7.2 CVSS | 5.8 AI score | 0.00035 EPSS
Exploits 0 | References 2

NVD
added 2026/03/11 4:16 p.m. | 1 views

CVE-2026-1497

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user access to a remote database constituent "namespace.name" will inadvertently grant access to any...

7.2 CVSS | 0.00056 EPSS
Exploits 0 | References 1

Cvelist
added 2026/03/09 10:28 p.m. | 35 views

CVE-2026-28267

Multiple i-フィルター products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user...

6.8 CVSS | 0.00018 EPSS
Exploits 0 | References 6

GithubExploit
added 2026/02/20 3:28 p.m. | 122 views

refinance-poc

Refi-Ready POC This project is a Proof-of-Concept for a serve...

5.5 AI score
Exploits 0

AlpineLinux
added 2026/02/18 2:17 p.m. | 2 views

CVE-2026-27100

Jenkins 2.550 and earlier, LTS 2.541.1 and earlier accepts Run Parameter values that refer to builds the user submitting the build does not have access to, allowing attackers with Item/Build and Item/Configure permission to obtain information about the existence of jobs, the existence of builds,...

4.3 CVSS | 5.6 AI score | 0.00354 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/02/04 12:0 a.m. | 4 views

PT-2026-6049

Name of the Vulnerable Software and Affected Versions: Neo4j Enterprise and Community editions versions prior to 2026.01.3 and versions prior to 5.26.21. Description: The obfuscate literals option in query logs does not redact error information, potentially exposing unredacted data when a query fail...

4.8 CVSS | 5.4 AI score | 0.00006 EPSS
Exploits 0 | References 5

NVD
added 2026/01/29 6:16 p.m. | 4 views

CVE-2026-24413

Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in its contents - including the private key of the...

6.8 CVSS | 0.00011 EPSS
Exploits 0 | References 3

CNNVD
added 2026/01/22 12:0 a.m. | 1 views

Gitea security vulnerabilities

Gitea is a lightweight Git service developed in Go by the Gitea community. There is a security vulnerability in Gitea, which stems from the notification API not revalidating the repository access permissions when returning notification details. This allows users to still view issues a...

6.5 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits 0 | References 5

RedhatCVE
added 2026/01/09 12:16 p.m. | 6 views

CVE-2018-1000148

An exposure of sensitive information vulnerability exists in Jenkins Copy To Slave Plugin version 1.4.4 and older in CopyToSlaveBuildWrapper.java that allows attackers with permission to configure jobs to read arbitrary files from the Jenkins master file system...

6.5 CVSS | 6.2 AI score | 0.00094 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/01/09 10:51 a.m. | 5 views

CVE-2022-42707

In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions...

7.5 CVSS | 6.8 AI score | 0.0024 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/01/07 9:41 a.m. | 3 views

CVE-1999-0777

IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions...

7.5 CVSS | 6.9 AI score | 0.0134 EPSS
Exploits 0 | References 1

Vulnrichment
added 2025/12/10 4:50 p.m. | 3 views

CVE-2025-67637

Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

6.3 AI score | 0.00076 EPSS
Exploits 0 | References 1