689 matches found
ionCube Tester Plus <= 1.3 - Local File Inclusion
The ionCube Tester Plus plugin for WordPress versions = 1.3 is vulnerable to unauthenticated arbitrary file read via path traversal. The 'ininame' parameter in loader-wizard.php is not properly sanitized, allowing attackers to read sensitive files such as wp-config.php and /etc/passwd without...
CVE-2026-59709 Ghostfolio - Unauthorized Portfolio Holding Tag Modification via Missing Permission Check
Ghostfolio's PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpoint fails to verify Access.permissions field when processing the Impersonation-Id header, allowing read-only access grantees to modify portfolio holding tags. Attackers with valid read-only share tokens can assign or remove...
ROOT-OS-UBUNTU-2204-CVE-2026-43022 CVE-2026-43022 in rootio-linux - Patched by Root
Root has patched CVE-2026-43022 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
PT-2026-55488
Name of the Vulnerable Software and Affected Versions PHP versions 8.2.0 through 8.2.31 PHP versions 8.3.0 through 8.3.31 PHP versions 8.4.0 through 8.4.22 PHP versions 8.5.0 through 8.5.7 Description The OpenSSL extension contains a buffer allocation flaw in the AES-WRAP-PAD algorithm...
CVE-2026-14046
creationtimestamp| type| source ---|---|--- 2026-07-01 21:26:56+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmhgxkheu2y 2026-07-02 07:50:30+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702 2026-07-06 07:23:26+00:00| seen|...
CVE-2026-57915 Apache Kerby: Kerberos Pre-Authentication Bypass
It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.45 packages and security update
Red Hat OpenShift Container Platform release 4.18.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...
EUVD-2026-38550
CMS Cryptographic Message Syntax parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...
ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +19976 more potentially affected by CVE-2026-47244 via io.netty:netty-codec-http2 (>=4.1.0.Beta4 <=4.1.134.Final)
io.netty:netty-codec-http2 MAVEN version =4.1.0.Beta4, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves:...
CVE-2026-50214 Shared Secret Quota Inflation
The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans...
CVE-2026-48726
A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...
Astra Linux – Vulnerability in libdbi-perl
A issue was discovered in the DBI module through version 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically specified via the fdir attribute in the data source name DSN. NOTE: This issue exists due to an incomplete fix for CVE-2014-10401...
RHEL 9 : PackageKit (RHSA-2026:19354)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19354 advisory. PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architectu...
@0xchain/telemetry (>=1.1.0-beta.8 <=1.1.0-beta.18), @20206205tech/nestjs-common (>=0.8.0 <=0.11.3) +958 more potentially affected by CVE-2026-44293 via protobufjs (>=8.0.0 <=8.0.1)
protobufjs NPM version =8.0.0, =1.1.0-beta.8, =0.8.0, =1.0.0, =1.1.4, =0.3.1, =0.3.1, =0.7.1, =0.7.0, =0.8.0 and more Source cves: CVE-2026-44293 Source advisory: SNYK:JS-PROTOBUFJS-16643421...
CVE-2026-45387
creationtimestamp| type| source ---|---|--- 2026-05-10 19:31:55+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-h2cw-7qw9-56xr...
0lever-utils (>=0.0.2 <=0.0.7), a12rta (=0.1.0) +1801 more potentially affected by CVE-2026-44405 via paramiko (>=1.15.0 <=4.0.0)
paramiko PYPI version =1.15.0, =0.0.2, =1.0.1, =0.0.15, =1.0.0, =0.15.0, =0.2.0, =1.0.1, =0.5.0, =2026.2.3, =0.0.0, =0.0.1, =0.1.1, =0.1.4 and more Source cves: CVE-2026-44405 Source advisory: SNYK:PYTHON-PARAMIKO-16425764...
ai-24sea (>=0.1.0 <=1.1.1), ai-documentation-writer (>=0.1.0 <=0.1.1) +31 more potentially affected by CVE-2026-7724 via prefect (>=3.0.0rc20 <=3.6.22)
prefect PYPI version =3.0.0rc20, =0.1.0, =0.1.0, =0.16.0, =0.6.1, =6.0.0, =1.0.1, =2.2.8, =2.25.0, =1.1.0, =1.3.0b5, =0.0.2, =0.1.11, =1.1.0, =2.3.0rc19 - mcp-prefect =0.1.0 and more Source cves: CVE-2026-7724 Source advisory: SNYK:PYTHON-PREFECT-16383760...
@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +20 more potentially affected by CVE-2026-44117 via openclaw (>=2026.3.22 <=2026.4.2)
openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 - @xmoxmo/bncr =0.0.8 - morpho-vault-manager =0.1.0 and more Source cves: CVE-2026-44117 Source advisory: SNYK:JS-OPENCLAW-16298053...
CVE-2026-41170
creationtimestamp| type| source ---|---|--- 2026-04-22 23:20:48+00:00| seen| Telegram/bXcnMEVg4MqmghIUy-Ivhp7SDQD9oC-u5oUbMXpQMRT1SlU...
SUSE-SU-2026:21357-1 Security update for rust1.94
This update for rust1.94 fixes the following issues: Changes in rust1.94: - Don't force gcc-15 on SLE-16 and higher bsc1261876 Update to rust1.94.1: - Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.94.1 - Avoid unwrapping varint decoding during parameters...