4428 matches found
CVE-2026-8204
Concrete CMS 9.5.0 and below is vulnerable to an authorization bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...
CVE-2026-8204
Concrete CMS 9.5.0 and earlier versions are vulnerable to an authorization bypass in the Calendar Event Frontend Dialog, enabling potential cross-calendar data disclosure. A public calendar block can be used as a pivot to access private calendar data. The CVSS v4.0 base score is 6.3 (AV:N/AC:L/AT...
EUVD-2026-31348
Concrete CMS 9.5.0 and below is vulnerable to an authorization bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...
CVE-2026-8204 Concrete CMS 9.5.0 and below is vulnerable to Authorization Bypass in the Calendar Event Frontend Dialog
Concrete CMS 9.5.0 and below is vulnerable to an authorization bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...
CVE-2026-7860
A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...
PT-2026-42544
Concrete CMS 9.5.0 and below is vulnerable to an authorization bypass in the Calendar Event Frontend Dialog which can allow cross-calendar data disclosure. A public calendar block can be used as a pivot point to access private calendar data. The Concrete CMS security team gave this vulnerability a...
Malicious Package
Overview @limebike/frontend-core-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious code in @limebike/frontend-core-api (npm)
Source: amazon-inspector 36e6a8b7768f00cc5d468fe7a21f8792da1970b60e5ccbad17eefeda1a8d5b3d Package squats the @limebike npm scope and ships a preinstall/postinstall hook node index.js that, on npm install, collects hostname, non-internal...
MAL-2026-4187 Malicious code in @limebike/frontend-core-api (npm)
Source: amazon-inspector 36e6a8b7768f00cc5d468fe7a21f8792da1970b60e5ccbad17eefeda1a8d5b3d Package squats the @limebike npm scope and ships a preinstall/postinstall hook node index.js that, on npm install, collects hostname, non-internal...
Malicious code in @riskine-frontend/design-elements (npm)
Source: amazon-inspector 307db7b976bd8c59b1e8e8247fee9f91ab6a353bf0ae6aa129ceb8e552d6814c @riskine-frontend/design-elements is a near-empty package whose only effect on install is to pull an external dependency. index.js contains ju...
MAL-2026-4425 Malicious code in @riskine-frontend/design-elements (npm)
Source: amazon-inspector 307db7b976bd8c59b1e8e8247fee9f91ab6a353bf0ae6aa129ceb8e552d6814c @riskine-frontend/design-elements is a near-empty package whose only effect on install is to pull an external dependency. index.js contains ju...
Astra Linux - vulnerability in linux, linux-5.10
Rogue backends can cause Denial of Service (DoS) attacks on guests through high-frequency events. This CNA information record relates to multiple Common Vulnerabilities and Exposures (CVEs); the text explains which aspects/vulnerabilities correspond to which CVEs. Xen allows for the execution of PV...
Astra Linux - vulnerability in puma
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP requests comply with the RFC7230 standard, Puma and the frontend proxy may disagree about where the requests start and...
CVE-2026-8096
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
EUVD-2026-30971
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-8096 Kirki <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure via 'kirki_wp_admin_get_apis' Action
The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-8096
The vulnerability CVE-2026-8096 affects the Kirki – Freeform Page Builder, Website Builder & Customizer WordPress plugin. All versions up to and including 6.0.6 are affected due to an authorization check failure in kirki_wp_admin_get_apis, allowing authenticated users with subscriber-level access...
GHSA-J8MX-J73W-9MXW Vaadin Build Plugins is Affected by a Possible Information Disclosure Vulnerability
A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure in the frontend build process when it exits with a non-zero status. An attacker can obtain sensitive environment variables, including credentials, by reviewing build logs or archived build artifacts generated during...