CVE-2026-35400
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, an endpoint in the publication module was incorrectly trusting the baseURL submitted by a user's PO...
CVE-2026-35400 LORIS incorrectly trusts user input in publication module
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, an endpoint in the publication module was incorrectly trusting the baseURL submitted by a user's PO...
CVE-2026-35400
LORIS (Longitudinal Online Research and Imaging System) is affected from 20.0.0 up to but not including 27.0.3 and 28.0.1 by a publication module flaw that trusts the baseURL submitted via a user’s POST request instead of the internal LORIS value. This could allow an attacker with publication-mod...
EUVD-2026-20576
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, an endpoint in the publication module was incorrectly trusting the baseURL submitted by a user's PO...
WordPress WP BASE Booking plugin <= 5.9.0 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Jarno Vos (jrn5151) in WordPress Plugin WP BASE Booking (versions <= 5.9.0)...
RHSA-2026:6750 Red Hat Security Advisory: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update
Bulletin has no description...
EUVD-2026-20264
Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Education Base: from n/a through <= 3.0.8...
CVE-2026-39622
Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Education Base: from n/a through <= 3.0.8...
CVE-2026-39622 WordPress Education Base theme <= 3.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Education Base: from n/a through <= 3.0.8...
CVE-2026-39622
The CVE-2026-39622 entry describes a Missing Authorization vulnerability in the acmethemes Education Base WordPress theme (education-base) affecting versions up to and including 3.0.8. The root cause is Incorrectly Configured Access Control Security Levels, enabling unauthorized access due to bro...
CVE-2026-20431
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:...
CVE-2026-20432
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2026-20433
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation...
kernel: smc: Fix use-after-free in __pnet_find_base_ndev()
In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in __pnet_find_base_ndev(). syzbot reported use-after-free of net_device in __pnet_find_base_ndev(), which was called during connect(). [0] smc_pnet_find_ism_resource() fetches sk_dst_get(sk)->dev and passes down to pnet_find_base_ndev(),...
coursevault-preview has a path traversal due to improper base-directory boundary validation
Summary: coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSafe utility. The boundary check used String.prototype.startsWith(baseDir) on a normalized path, which does not enforce a directory boundary. An attacker who controls the relativePath argument t...
GHSA-9H9M-RR67-9JPG coursevault-preview has a path traversal due to improper base-directory boundary validation
Summary: coursevault-preview versions prior to 0.1.1 contain a path traversal vulnerability in the resolveSafe utility. The boundary check used String.prototype.startsWith(baseDir) on a normalized path, which does not enforce a directory boundary. An attacker who controls the relativePath argument t...
EUVD-2026-19790
coursevault-preview has a path traversal due to improper base-directory boundary validation...