CVE-2026-23529
Summary: CVE-2026-23529 affects the Kafka Connect BigQuery Connector (Google BigQuery Sink) before version 2.11.0. The root cause is failure to validate externally-sourced credential configurations prior to passing them to Google authentication libraries during connector setup. An attacker can su...
CVE-2026-23529 Arbitrary File Read in Google BigQuery Sink connector
Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...
GravCMS security vulnerabilities
GravCMS is a content management system developed by the Grav company. Version 1.10.7 of GravCMS has a security vulnerability. This vulnerability stems from unvalidated YAML configurations that can be written into the system, potentially allowing PHP code to be executed through the scheduler...
NETGATE Spy Emergency security vulnerability
NETGATE Spy Emergency is a Trojan virus detection and removal software developed by the Slovak company NETGATE. Version 25.0.650 of NETGATE Spy Emergency contains a security vulnerability. This vulnerability stems from the use of service paths without quotes in Windows service configurations, whi...
PT-2026-3269
Name of the Vulnerable Software and Affected Versions: Kafka Connect BigQuery Connector versions prior to 2.11.0. Description: The Kafka Connect BigQuery Connector, a sink connector from Apache Kafka to Google BigQuery, contains a flaw that could allow arbitrary file reads. This occurs because the...
MiracleLinux 4 : spice-server-0.12.4-16.AXS4.2 (AXSA:2018-3432:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-3432:01 advisory. spice: Possible buffer overflow via invalid monitor configurations CVE-2017-7506 Tenable has extracted the preceding description block directly from the...
GHSA-4WG4-P27P-5Q2R Pimcore Web2Print Tools Bundle "Favourite Output Channel Configuration" Missing Function Level Authorization
Summary: The application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an authenticated backend user without explicitly lacking permissions for this feature was still able to...
CVE-2026-23496
Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an...
EUVD-2026-2726
Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an...
CVE-2026-23496 Pimcore Web2Print Tools Bundle "Favourite Output Channel Configuration" Missing Function Level Authorization
Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an...
CVE-2026-23494 Pimcore is Missing Function Level Authorization on "Static Routes" Listing
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for reading or listing static routes. In Pimcore, static routes are custom URL patterns defined vi...
Pimcore security vulnerabilities
Pimcore is an open-source web content management platform developed by the Austrian company Pimcore. This platform integrates applications such as web content management, e-commerce frameworks, and product information management. Versions of Pimcore prior to 12.3.1 and 11.5.14 contained security...
Ambassador API Gateway Diagnostics Sensitive Information Disclosure
Ambassador API Gateway includes a diagnostics portal that provides detailed information about the API Gateway's configuration and operation. If this portal is accessible without proper authentication, it can expose sensitive information such as service mappings, API endpoints, routing...
PT-2026-3150
Name of the Vulnerable Software and Affected Versions: Brother BRPrint Auditor version 3.0.7. Description: The software contains an unquoted service path vulnerability in its Windows service configurations. This allows local attackers to potentially execute arbitrary code. Attackers can exploit...
PT-2026-4736
Summary: The application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an authenticated backend user without explicitly lacking permissions for this feature was still able to...
PT-2026-3078
Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the API endpoint responsible for managing "Favourite Output Channel Configurations." Testing revealed that an...
MadeForNet HTTP Debugger Pro code issues and vulnerabilities
MadeForNet HTTP Debugger Pro is an HTTP/HTTPS protocol packet capture and analysis tool developed by the American company MadeForNet. Version 9.11 of MadeForNet HTTP Debugger Pro contains a code vulnerability. This vulnerability stems from binary paths in service configurations that lack quotatio...
Pimcore access control vulnerability
Pimcore is an open-source web content management platform developed by the Austrian company Pimcore. This platform integrates applications such as web content management, e-commerce frameworks, and product information management. Pimcore has a security vulnerability related to access control, whi...