7058 matches found
BIT-DISCOURSE-2026-27570 Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, the onebox method in the SharedAiConversation model renders the conversation title directly into HTML without proper sanitization. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain a patch. As a...
Cleartext Storage of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information via the /status/config endpoint. An attacker can obtain plaintext S3 Server-Side Encryption with Customer-Provided Keys by sending a request to this endpoint, potentially allowing unauthorized...
CVE-2026-4270
Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To...
UBUNTU-CVE-2026-33413
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...
CVE-2026-33413 etcd: Authorization bypasses in multiple APIs
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...
PT-2026-28400
Name of the Vulnerable Software and Affected Versions Daylight Studio FuelCMS version 1.5.2 Description FuelCMS version 1.5.2 contains a SQL injection issue through the /controllers/Login.php component. The vulnerability is located in the /controllers/Login.php component and allows for potential...
SUSE CVE-2026-25963
Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet's certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...
CVE-2026-32879 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an authenticated user with a registered passkey to satisfy secure verification without completing a WebAut...
CVE-2026-33025
AVideo is a video-sharing Platform. Versions prior to 8.0 contain a SQL Injection vulnerability in the getSqlFromPost method of Object.php. The $POST'sort' array keys are used directly as SQL column identifiers inside an ORDER BY clause. Although realescapestring was applied, it only escapes...
Out-of-Bounds Slice Access in free5GC CHF Leading to DoS
Impact This is an out-of-bounds slice access vulnerability in the CHF nchf-convergedcharging service. A valid authenticated request to PUT /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=... can trigger a server-side panic in github.com/free5gc/chf/internal/sbi.Server.RechargePut... due t...
EUVD-2026-12474
AWS API MCP File Access Restriction Bypass...
Microsoft Windows 11 Build 26200 File Explorer Auditor
This Metasploit module provides a defensive pre-execution assessment for the Windows vulnerability where File Explorer fails to properly restrict access to sensitive system locations...
CVE-2026-32123 OpenEMR: Therapy Group Sensitivity ACL No Longer Enforced
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, sensitivity checks for group encounters are broken because the code only consults formencounter for sensitivity, while group encounters store sensitivity in...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the REST and WebSocket endpoints due to lack of authentication enforcement. An attacker can gain unauthorized access and interact with sensitive server functionality by sending requests...
PT-2026-22498
Name of the Vulnerable Software and Affected Versions Tenda F453 version 1.0.0.3 Description A flaw exists in the fromqossetting function of the /goform/qossetting file. Manipulation of the qos argument can lead to a buffer overflow. The attack can be launched remotely. Recommendations Update to ...
CVE-2026-27700
Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter hono/aws-lambda behind an Application Load Balancer ALB, the getConnInfo function incorrectly selected the first value from the X-Forwarded-For...
CVE-2026-27700 Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo
Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter hono/aws-lambda behind an Application Load Balancer ALB, the getConnInfo function incorrectly selected the first value from the X-Forwarded-For...
ALPINE-CVE-2026-21863
Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious actor with access to the Valkey clusterbus port can send an invalid packet that may cause an out bound read, which might result in the system crashing. The Valkey clusterbus packet processin...
PT-2026-21518
Name of the Vulnerable Software and Affected Versions UTT HiPER 810G versions up to 1.7.7-171114 Description A buffer overflow issue exists in UTT HiPER 810G due to the manipulation of the except argument within the strcpy function located in the file /goform/formP2PLimitConfig. Remote exploitati...
CVE-2026-24126
Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to ssh-add. Version 5.16.0 fixes the issue. As a workaround, properly limit access to the management...