1085329 matches found
CGA-PPCM-JCWG-GWM4
Bulletin has no description...
EUVD-2026-38053
PhpWeasyPrint vulnerable to PHAR deserialization via output filename CVE-2023-28115 case-insensitive bypass...
EUVD-2026-31658
Cargo crates in third party registries can override the cached source of other crates...
CVE-2026-49869
Kestra OSS contains an unauthenticated RCE flaw in the AuthenticationFilter prior to versions 1.0.45 and 1.3.21. The whitelist uses a suffix check (request.getPath().endsWith("/configs")) to bypass Basic Auth, so any API path ending in configs bypasses authentication. An unauthenticated attacker ...
CVE-2026-53576
Kestra prior to versions 1.0.45 and 1.3.21 contained an authentication filter bypass on the REST API. Requests whose path ends in /configs were treated as the public instance-config endpoint and forwarded without credential checks, allowing anonymous access to resources such as /api/v1/{tenant}/f...
GHSA-MPWR-8VM7-H73F vulnerabilities
Vulnerabilities for packages: x509-certificate-exporter, nuclei, goreleaser, splunk-otel-collector, cert-manager, nfpm...
CVE-2026-48778
Notepad++ prior to 8.9.6.1 is affected by an RCE in config.xml: the value is read without validation and passed to ShellExecute when triggering File → Open Containing Folder → cmd, enabling attacker-controlled executable paths. The issue stems from NppXml::value() storing the value in _nppGUI._c...
CVE-2026-52780
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution RCE. This vulnerability is fixed in 17.3.3 and 17.4.1...
CVE-2026-48800
Notepad++ prior to 8.9.6.1 is affected by CVE-2026-48800 where the content inside in shortcuts.xml is read without validation and used to build a Run menu item that ShellExecute() executes. The attacker-controlled string becomes the executable path when the user clicks the Run menu entry, enabl...
EUVD-2026-39862
Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parameter in the system time configuration interface...
EUVD-2026-39897
In the Linux kernel, the following vulnerability has been resolved: net: phonet: do not BUGON in pnsocketautobind on failed bind syzbot reported a kernel BUG triggered from pnsocketsendmsg via pnsocketautobind: kernel BUG at net/phonet/socket.c:213! RIP: 0010:pnsocketautobind...
Weekly Metasploit Update: Modules for Audiobookshelf, LiteLLM, Next.js, Dalfox and more
Help shape the future of Metasploit Framework We are planning future work in relation to the evasion capabilities present in Metasploit Framework, and how they function/are presented to users. We are currently accepting responses to our feedback form, which means that you can shape the future of...
CVE-2026-46386
OpenProject’s official docker image ships SECRET_KEY_BASE=OVERWRITE_ME and cookies_serializer = :marshal, creating a deterministic Marshal-deserialization path reachable via the /my/two_factor_devices cookie reader. This enables potential pre-authentication remote code execution, as noted in the ...
CVE-2026-52780
OpenProject (open-source, web-based project management software) is affected by a cache store poisoning vulnerability that can lead to Remote Code Execution (RCE) before versions 17.3.3 and 17.4.1. The issue is resolved in 17.3.3 and 17.4.1. Affected component details and underlying root cause ar...
CVE-2026-52780 OpenProject: Cache store poisoning leads to Remote Code Execution (RCE)
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution RCE. This vulnerability is fixed in 17.3.3 and 17.4.1...
CVE-2026-56132
A flaw was found in libexpat, a library used for parsing XML data. An attacker could exploit a heap-based buffer overflow, a type of memory error, by providing specially crafted XML input. This vulnerability occurs when the library mishandles memory reallocation while processing XML, particularly...
CVE-2026-48706
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink TcpStatsdSink, where the thread-local flusher buffer can be overflowed by exceptionally long statistic...
CVE-2026-47775
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...
CGA-33HM-G9CG-GPC8
Bulletin has no description...
CGA-Q99C-PQQ6-C969
Bulletin has no description...