5987 matches found
CVE-2026-49204
Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...
CVE-2026-49204
Technical details about CVE-2026-49204 are not publicly available in the provided documents; monitor for updates.
CVE-2026-49204 Hard-coded AWS Cognito Testing Accounts
Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...
EUVD-2026-34216
Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...
PT-2026-46155
Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...
CVE-2026-40495
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the hideversionpublic security setting. The FOSSBilling version is embedded in the query string of every a...
CVE-2026-40495 FOSSBilling version exposed via asset cache buster
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the hideversionpublic security setting. The FOSSBilling version is embedded in the query string of every a...
EUVD-2026-34175
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the hideversionpublic security setting. The FOSSBilling version is embedded in the query string of every a...
CVE-2026-40495
FOSSBilling prior to 0.8.0 leaks the exact system version via asset cache buster parameters in HTML output. The version is embedded in the query string of every [removed] and tag created by the script_tag and stylesheet_tag Twig filters, making it visible to all visitors, including unauthenticat...
CVE-2026-40495 FOSSBilling version exposed via asset cache buster
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the hideversionpublic security setting. The FOSSBilling version is embedded in the query string of every a...
CVE-2026-42321
GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...
CVE-2026-44281
GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch...
CVE-2026-42318
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 10.0.25 and 11.0.7, low privilege users with access to planning can delete any object in GLPI. Upgrade to 11.0.7 or 10.0.25 to receive a patch. As a workaround, disable delete rights for User'...
CVE-2026-42321
GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...
CVE-2026-42321 GLPI has stored XSS in asset locks
GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...
CVE-2026-42321 GLPI has stored XSS in asset locks
GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...
EUVD-2026-34097
GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...
CVE-2026-42321
CVE-2026-42321 affects GLPI before 10.0.25 and 11.0.7, where a technician can store a stored XSS payload in the asset locked tab. The vulnerability is mitigated by upgrading to GLPI 10.0.25 or 11.0.7, which contain the patch. The connected sources confirm the affected versions and the fix version...
CVE-2026-42320 GLPI vulnerable to arbitrary file access
GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPIDOCDIR. Upgrade to 10.0.25 or 11.0.7 to receive a patch...
EUVD-2026-34096
GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 10.0.25 and 11.0.7, a technician can read arbitrary files inside the GLPIDOCDIR. Upgrade to 10.0.25 or 11.0.7 to receive a patch...