102807 matches found
EUVD-2026-41093
Insertion of Sensitive Information into Log File CWE-532 in Kibana can lead to information disclosure. When the optional application performance monitoring APM instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to...
CVE-2026-58029
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php,...
Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.4.6
Logging for Red Hat OpenShift - 6.4.6 Red Hat OpenShift Logging 6.4.6 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...
CVE-2026-34097
CVE-2026-34097 concerns Guardian Language-System. The vulnerability arises because text_file.php fails to sanitize the GET parameter id before it is inserted into multiple HTML form action attributes (lines 94, 101, 323, 403, 826, 852). This allows an authenticated attacker to craft a URL that in...
CVE-2026-58029
CVE-2026-58029 affects Wikimedia Foundation MediaWiki and enables a full account takeover via BotPasswords and OAuth through action=changeauthenticationdata. Affected versions are MediaWiki: before 1.46.0, 1.45.4, 1.44.6, 1.43.9. The issue involves the API and Special pages: ApiChangeAuthenticati...
CVE-2026-58024 API identification of users on private wikis
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiUserrights.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...
EUVD-2026-40892
The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
EUVD-2026-40429
Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perfor...
UBUNTU-CVE-2026-58027
Hide hit count for private/protected filters in API...
CVE-2026-56350
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...
CVE-2026-56300
Capgo before 12.128.2 contains unauthenticated security definer RPC functions getuserid and getorgpermforapikey that expose API key validity oracles and user UUID disclosure. Unauthenticated attackers using the public API key can validate leaked keys, enumerate users and apps, and determine...
CVE-2026-11541
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability...
CVE-2026-56363
ImageMagick (before 7.1.2-22) is affected by a division-by-zero vulnerability in binomial kernel processing that can trigger a denial-of-service by supplying a large binomial kernel value, causing integer overflow and application crash. Affected component: binomial kernel processing in ImageMagic...
CVE-2026-56350 n8n - SSO Enforcement Bypass via API
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...
CVE-2026-56300
Capgo before 12.128.2 is affected by CVE-2026-56300 due to unauthenticated security definer RPCs (get_user_id, get_org_perm_for_apikey) that expose API key validity and user UUIDs. Attackers with a public API key can validate leaked keys, enumerate users and apps, and infer permission levels, inc...
CVE-2026-11594
IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console...
CVE-2026-58449
txtai up to 9.10.0 is affected by an unauthenticated remote code execution via the /reindex API. The function body parameter is resolved through txtai.util.Resolver, which uses import and getattr on a user-supplied dotted path without an allowlist. If the API is exposed without a TOKEN and the in...
CVE-2026-11541
IBM WebSphere Application Server 9.0, 8.5 and IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability tracked as CVE-2026-11541. The available connected sources consistently identify the affected products and the vulnerability cla...
EUVD-2026-40412
An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...
CVE-2026-44628
CVE-2026-44628 corresponds to an OFFIS DCMTK Toolkit Type Confusion issue. An unauthenticated attacker can crash the worklist server by sending a single crafted query when the server has a valid Called AE Title/storage directory, the expected lockfile, and at least one matching worklist record. T...