2918 matches found
rConfig <=3.9.4 - SQL Injection
rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10549 info: name: rConfig 3.9.4 or apply th...
JLSEC-2026-672
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSLclear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct...
CVE-2026-45073
CVE-2026-45073 affects Symfony’s PHP framework, specifically the PdoAdapter::doClear() path. Prior to versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the code builds a DELETE with a namespace derived from caller-supplied prefix without binding or escaping it, allowing an attacker who controls the pr...
Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.34 fixes various security issues The following security issues were fixed: CVE-2026-23393: bridge: cfm: Fix race condition in peermep deletion bsc1260524. CVE-2026-31505: iavf: fix out-of-bounds writes in iavfgetethtoolstats...
CVE-2026-1832 ThriveDesk <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Cache Deletion
The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability check on the 'thrivedeskclearcache' AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated...
EUVD-2026-43146
The ThriveDesk – Live Chat, AI Chatbot, Helpdesk & Knowledge Base plugin for WordPress is vulnerable to unauthorized cache deletion due to a missing capability check on the 'thrivedeskclearcache' AJAX action in all versions up to, and including, 2.1.7. This makes it possible for authenticated...
CVE-2026-6803 AI Chatbot & Workflow Automation by AIWU <= 1.4.12 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via AJAX Actions 'removeGroup' and 'clear'
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.12. This is due to missing capability checks and nonce verification on AJAX actions registered under both wpajax and wpajaxnopriv hooks, as the base...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2026-31771: Bluetooth: hcievent: move wake reason storage into validated event handlers bsc1264145. CVE-2026-43038: ipv6: icmp: clear skb2-cb in ip6errgenicmpv6unrea...
PT-2026-56039
Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.6 through 0.7.2 Description When a ClientPasswordReset record already exists for a client from a previous unexpired request, subsequent calls to the reset password guest API endpoint reuse the existing token instead of...
CVE-2026-9546
A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...
ALPINE-CVE-2026-9546
A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...
CVE-2026-9546 sending old referer
A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...
SUSE CVE-2026-53355
In the Linux kernel, the following vulnerability has been resolved: net: rds: clear isends on setup unwind The RDS IB connection teardown path is written so it can run during partial startup and on repeated shutdown attempts. It uses NULL pointers to distinguish resources that are still owned fro...
signal: clear JOBCTL_PENDING_MASK for caller in zap_other_threads()
...
CVE-2026-53355
In the Linux kernel, the following vulnerability has been resolved: net: rds: clear isends on setup unwind The RDS IB connection teardown path is written so it can run during partial startup and on repeated shutdown attempts. It uses NULL pointers to distinguish resources that are still owned fro...
CVE-2026-53355
In the Linux kernel, the following vulnerability has been resolved: net: rds: clear isends on setup unwind The RDS IB connection teardown path is written so it can run during partial startup and on repeated shutdown attempts. It uses NULL pointers to distinguish resources that are still owned fro...
CVE-2025-12530
IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...
EUVD-2025-210384
IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...
CVE-2025-12530 Vulnerabilities found in Watson Data Intelligence
IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...
CVE-2025-36336
CVE-2025-36336 affects IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0. The issue is that data is transmitted in clear text, which an attacker could exploit via man-in-the-middle techniques to obtain sensitive information. The base metrics show a moderate network attack with...