Lucene search: 27418 matches found

Source: Nuclei | added yesterday | 58 views

GitLab CE/EE - Information Disclosure

GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5,...

CVSS 10 | AI score 7.5 | EPSS 0.13227
Exploits: 0 | References: 5
Source: CVE | added 2 days ago | 9 views

CVE-2026-12622

The GridTime 3000 GNSS Time Server presents an open redirect vulnerability in its password change form submission affecting versions 1.0r0.03 through 1.1r0.0. The issue is described as an open redirect in the password change flow; no further exploitation details, impact scope, or remediation are ...

CVSS 5.3 | AI score 5.8
Exploits: 0 | References: 1
Source: CVE | added 2 days ago | 9 views

CVE-2026-12619

The CVE-2026-12619 entry concerns Microchip GridTime 3000 GNSS Time Server, where an improper neutralization during web page generation enables Cross-Site Scripting (XSS). A CSRF-to-XSS chain affects GridTime 3000 versions 1.0r0.03–1.1r0.0. Exploit maturity is listed as ATTACKED, indicating in-th...

CVSS 5.1 | AI score 5.8
Exploits: 0 | References: 1
Source: EUVD | added 2 days ago | 7 views

EUVD-2026-37747

undici WebSocket client vulnerable to denial of service via fragment count bypass...

CVSS 7.5 | AI score 5.8 | EPSS 0.00284
Exploits: 0 | References: 3
Source: NVD | added 2 days ago | 5 views

CVE-2026-49230

Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

CVSS 6.3
Exploits: 0 | References: 2
Source: NVD | added 2 days ago | 6 views

CVE-2026-49872

Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker may be able to authenticate with credentials issued by a different source. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade to version...

CVSS 5.3
Exploits: 0 | References: 2
Source: CVE | added 2 days ago | 8 views

CVE-2026-9143

CVE-2026-9143 describes an incorrect conversion between numeric types in NI grpc-device due to missing range checks in CodeGen, potentially discarding high bits when a size value exceeds the target type’s range. Affected: NI grpc-device ≤ 2.17.0. Metrics: CVSSv3.1 base 3.7 (LOW); CVSSv4.0 base 6....

CVSS 6.3 | AI score 5.8
Exploits: 0 | References: 2
Source: EUVD | added 2 days ago | 7 views

EUVD-2026-38025

Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker who manages to send a victim to a webpage they control to cause the victim's browser to become authenticated as a different identity. Actions the victim...

CVSS 2.1 | AI score 5.9
Exploits: 0 | References: 1
Source: EUVD | added 2 days ago | 4 views

EUVD-2026-38023

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache APISIX. The attacker could manipulate some client headers to perform an open-redirect, to potentially expose the session token. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade t...

CVSS 2.1 | AI score 5.8
Exploits: 0 | References: 1
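The EUVD-2026-38023 summary above only says that "some client headers" can be manipulated into an open redirect that may expose the session token. The following is an added example of that general bug class, written for this page; it is not APISIX code, and the page does not name which headers the plugin trusted, so X-Forwarded-Host, X-Forwarded-Proto and Host are assumed here as the typical ones. The headers and paths are constructed. It contrasts a redirect assembled from request headers with one built from a configured canonical host plus a validated local path.

```python
# Added illustration of a header-driven open redirect (example code, not
# APISIX's). Which headers APISIX trusted is not stated on the page; the
# X-Forwarded-* / Host headers below are an assumption, and all inputs are
# constructed for the demo.
from urllib.parse import urlsplit


def build_redirect_weak(headers: dict, path: str) -> str:
    """Vulnerable pattern: the absolute redirect target is assembled from
    client-supplied headers, so the client chooses the destination host.
    Anything appended to the URL (state, tokens) is sent there too."""
    h = {k.lower(): v for k, v in headers.items()}
    host = h.get("x-forwarded-host") or h.get("host", "")
    scheme = h.get("x-forwarded-proto", "https")
    return f"{scheme}://{host}{path}"


def safe_local_path(path: str) -> str:
    """Accept only a same-origin absolute path. Scheme-relative forms
    (//host, /\\host, which browsers treat alike) and full URLs fall back
    to '/', so a redirect can never leave the configured origin."""
    if not path.startswith("/") or path.startswith(("//", "/\\")):
        return "/"
    parts = urlsplit(path)
    if parts.scheme or parts.netloc:
        return "/"
    return path


def build_redirect_hardened(canonical_host: str, path: str) -> str:
    """Fixed pattern: the host comes from server configuration, never from
    the request, and the path is validated as local before use."""
    return f"https://{canonical_host}{safe_local_path(path)}"


# Constructed request headers as an attacker-controlled client would send them.
ATTACKER_HEADERS = {
    "Host": "gateway.example",
    "X-Forwarded-Host": "attacker.example",
    "X-Forwarded-Proto": "http",
}

if __name__ == "__main__":
    print(build_redirect_weak(ATTACKER_HEADERS, "/callback?session=SECRET"))
    print(build_redirect_hardened("gateway.example", "/callback?session=SECRET"))
    print(build_redirect_hardened("gateway.example", "//attacker.example/steal"))
```

The weak builder sends the session parameter to attacker.example; the hardened one ignores the headers entirely, which is the property to check for when auditing any plugin or middleware that emits a Location header.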
Source: EUVD | added 2 days ago | 5 views

EUVD-2026-38017

Insufficient Verification of Data Authenticity vulnerability in Apache APISIX. The openid-connect plugin under default configuration has an attack surface that allows an attacker to spoof identity headers and gain unauthorized access to the protected resources. This issue affect...

CVSS 5.3 | AI score 5.8
Exploits: 0 | References: 1
Source: Cvelist | added 2 days ago | 24 views

CVE-2026-39999 Apache APISIX: JWT Algorithm Confusion allows authentication bypass

Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. Users are recommended to upgrade to version v3.17.0, which...

CVSS 7
Exploits: 0 | References: 1
Source: CVE | added 2 days ago | 9 views

CVE-2026-39999

CVE-2026-39999 affects Apache APISIX (v2.2–v3.16.0) via the jwt-auth plugin. The issue enables an authentication bypass by spoofing due to a JWT algorithm confusion/configuration, allowing a network attacker with no privileges to bypass auth (NONE -> HIGH impact on confidentiality/integrity). ...

CVSS 7 | AI score 5.9
Exploits: 0 | References: 2
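Both CVE-2026-39999 entries above name the bug class, JWT algorithm confusion, without showing it. The following is an added example written for this page, not APISIX's jwt-auth code and not taken from the advisory; the "public key" bytes, consumer secret and claims are constructed stand-ins, and which jwt-auth configurations are affected is left to the advisory. It shows the generic mistake: a verifier that lets the token header pick the algorithm the configured key is used with, so a key configured for RS256 also "works" as an HS256 secret and alg=none is accepted, beside a verifier that pins the algorithm.

```python
# Added illustration of JWT algorithm confusion (example code, not APISIX's
# jwt-auth plugin). The key material, secret and claims are constructed;
# only HS256 and the unsigned "none" alg are implemented, which is all the
# forged tokens need.
import base64
import hashlib
import hmac
import json
from typing import Optional


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def hs256(signing_input: bytes, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input, hashlib.sha256).digest()


def make_token(claims: dict, alg: str, key: bytes) -> str:
    """Mint a token with HS256 or the unsigned 'none' algorithm."""
    header = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    if alg == "HS256":
        sig = hs256(signing_input, key)
    elif alg == "none":
        sig = b""
    else:
        raise ValueError("example supports HS256 and none only")
    return f"{header}.{payload}.{b64url(sig)}"


# Constructed stand-in for a consumer configured with an RSA public key.
# Only one property matters: the server holds these bytes AND they are
# public, so an attacker can use the same bytes as an HMAC secret.
RSA_PUBLIC_KEY_PEM = (
    b"-----BEGIN PUBLIC KEY-----\n"
    b"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAexample\n"
    b"-----END PUBLIC KEY-----\n"
)


def _split(token: str):
    parts = token.split(".")
    return parts if len(parts) == 3 else None


def verify_weak(token: str, key_material: bytes) -> Optional[dict]:
    """Vulnerable: the header's alg decides how the configured key is used."""
    parts = _split(token)
    if parts is None:
        return None
    h, p, s = parts
    alg = json.loads(b64url_decode(h)).get("alg")
    if alg == "none":                      # unsigned token accepted outright
        return json.loads(b64url_decode(p))
    if alg == "HS256":                     # RSA public key misused as HMAC secret
        if hmac.compare_digest(hs256(f"{h}.{p}".encode(), key_material), b64url_decode(s)):
            return json.loads(b64url_decode(p))
        return None
    return None  # RS256 verification omitted: not needed to show the bug


def verify_hardened(token: str, expected_alg: str, key_material: bytes) -> Optional[dict]:
    """Fixed: the algorithm is pinned to the consumer's configuration, the
    header's alg is only compared against it, and 'none' is never valid."""
    parts = _split(token)
    if parts is None or expected_alg == "none":
        return None
    h, p, s = parts
    if json.loads(b64url_decode(h)).get("alg") != expected_alg:
        return None
    if expected_alg == "HS256":
        if hmac.compare_digest(hs256(f"{h}.{p}".encode(), key_material), b64url_decode(s)):
            return json.loads(b64url_decode(p))
        return None
    # An RS256 consumer would verify with the public key here; the forged
    # tokens in this example are rejected before reaching this point.
    return None


def forge_with_public_key(claims: dict) -> str:
    """Attacker side: HS256-sign using the server's public key as the secret."""
    return make_token(claims, "HS256", RSA_PUBLIC_KEY_PEM)


if __name__ == "__main__":
    forged = forge_with_public_key({"sub": "attacker", "role": "admin"})
    print("weak accepts forged:", verify_weak(forged, RSA_PUBLIC_KEY_PEM) is not None)
    print("hardened accepts forged:", verify_hardened(forged, "RS256", RSA_PUBLIC_KEY_PEM) is not None)
```

The check to carry into a review of any JWT consumer is the one in verify_hardened: the accepted algorithm comes from configuration and the key is only ever used with that algorithm, never with whatever the token claims.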
Source: CVE | added 2 days ago | 8 views

CVE-2026-56142

In JetBrains Hub, prior to 2026.1.13757, and across versions 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429, there is a privilege escalation vulnerability described as: attaching authentication details to accounts enables elevation of privileges. The sources (NVD, CVE l...

CVSS 9.9 | AI score 5.8
Exploits: 0 | References: 1
Source: EUVD | added 2 days ago | 7 views

EUVD-2026-38007

In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.148429 privilege escalation by attaching authentication details to accounts was possible...

CVSS 9.9 | AI score 5.8
Exploits: 0 | References: 1
Source: Nuclei | added 2 days ago | 33 views

Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection

Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30,...

CVSS 6.5 | AI score 7.1 | EPSS 0.10695
Exploits: 0 | References: 5
Source: Nuclei | added 2 days ago | 20 views

LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS. This issue affects LiteSpeed Cache: from n/a through 5.7. (Template header: id: CVE-2023-40000; info: name: LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS...)

CVSS 8.3 | AI score 7 | EPSS 0.54872
Exploits: 5 | References: 3
Source: CVE | added 2 days ago | 16 views

CVE-2026-8296

CVE-2026-8296 affects Octopus Server. Affected versions permit embedding a Cross-Site Scripting (XSS) payload via artifacts when an attacker has high privileges and certain access levels; exploitation requires user interaction. CVSSv4 base score 5.6 (MEDIUM); attack vector NETWORK; attack complex...

CVSS 5.6 | AI score 5.8
Exploits: 0 | References: 1
Source: EUVD | added 2 days ago | 7 views

EUVD-2026-37987

The Avada Fusion Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maybedeletefiles function in all versions up to, and including, 3.15.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the...

CVSS 9.1 | AI score 6.7
Exploits: 0 | References: 2
Source: Positive Technologies | added 2 days ago | 6 views

PT-2026-50898

Vulnerable software and affected versions: Apache APISIX versions 3.0.0 through 3.16.0. Description: A Cross-Site Request Forgery (CSRF) issue exists in the cas-auth plugin under default configurations. This allows a remote attacker to trick a victim into visiting a malicious webpage,...

CVSS 2.1 | AI score 5.9
Exploits: 0 | References: 4
Source: CVE | added 3 days ago | 13 views

CVE-2026-45696

CVE-2026-45696 affects OpenEXR 3.4.0–3.4.11, where the HTJ2K decoder's ht_undo_impl() can perform a heap-buffer-overflow READ due to a width mismatch between the EXR codestream and the declared line width. The decoder copies 32-bit samples from cur_line->i32[] without validating the OpenJPH li...

CVSS 8.3 | AI score 5.6 | EPSS 0.00024
Exploits: 0 | References: 2