4437 matches found
PT-2026-38892
Name of the Vulnerable Software and Affected Versions User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration versions prior to 4.3.2 Description Insufficient input validation and type checking on the wpuf files parameter during form submission, combine...
Important: Red Hat Security Advisory: General availability of the satellite/iop-host-inventory-frontend-rhel9 container image
A new satellite/iop-host-inventory-frontend-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running...
Important: Red Hat Security Advisory: General availability of the satellite/iop-advisor-frontend-rhel9 container image
A new satellite/iop-advisor-frontend-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services...
MAL-2026-3363 Malicious code in mrdaa-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 757aca74d8d75ecde7421f2c632969a5b34c11a279d9d28b75755c2ca0825ceb The package mrdaa-frontend was found to contain malicious code. Source: ghsa-malware 0b6c586cd7adad52516658de8bbb3eb18f166350414f223fd73fe34a240d6948...
SUSE CVE-2026-43249
In the Linux kernel, the following vulnerability has been resolved: 9p/xen: protect xen9pfsfrontfree against concurrent calls The xenwatch thread can race with other back-end change notifications and call xen9pfsfrontfree twice, hitting the observed general protection fault due to a double-free...
GHSA-Q98M-7W8C-W388 Kyverno policy-reporter-ui has XSS via Stored Property Values in PropertyCard Component
Summary Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentionally disables the auto-escaping that interpolation provides. The PropertyCard.vue component uses v-html for the else branch of the URL check, meaning any non-URL string value flows...
CVE-2026-43249 9p/xen: protect xen_9pfs_front_free against concurrent calls
In the Linux kernel, the following vulnerability has been resolved: 9p/xen: protect xen9pfsfrontfree against concurrent calls The xenwatch thread can race with other back-end change notifications and call xen9pfsfrontfree twice, hitting the observed general protection fault due to a double-free...
CVE-2026-43249
In the Linux kernel, the following vulnerability has been resolved: 9p/xen: protect xen9pfsfrontfree against concurrent calls The xenwatch thread can race with other back-end change notifications and call xen9pfsfrontfree twice, hitting the observed general protection fault due to a double-free...
sse-channel: SSE Injection via unsanitized event fields
Impact Implementations that allows user-provided values to be passed to event, retry or id fields would be susceptible to event spoofing, where an attacker could inject arbitrary messages into the stream. - Event Spoofing: Attacker can inject arbitrary SSE events into the stream - Client-side...
CLSA-2026-1777944610 grafana: Fix of CVE-2026-27877
CVE-2026-27877: fix exposure of direct data-source passwords via public dashboards by limiting frontend settings to data sources actually used by the dashboard - Note: upstream test additions in pkg/api/frontendsettingstest.go are not backported. The %check stage only runs the Jest frontend suite...
CVE-2026-5337
During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference IDOR attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...
CVE-2026-7733 funadmin Frontend Chunked Upload Endpoint UploadService.php chunkUpload unrestricted upload
A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to ...
CVE-2026-7733 funadmin Frontend Chunked Upload Endpoint UploadService.php chunkUpload unrestricted upload
A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to ...
FunAdmin 访问控制错误漏洞
FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin 7.1.0-rc6 and earlier contain an access control vulnerability. This vulnerability stems from the UploadService::chunkUpload function in the Frontend Chunked Upload Endpoint, where the...
Malicious code in @breezeai-frontend/i18n-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6ac9fdcbcce08cc6f8e7c4cef2e5fee0a6d39a79341be57b71f5bb219743e05 The package @breezeai-frontend/i18n-config was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3293 Malicious code in @breezeai-frontend/i18n-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6ac9fdcbcce08cc6f8e7c4cef2e5fee0a6d39a79341be57b71f5bb219743e05 The package @breezeai-frontend/i18n-config was found to contain malicious code. Source: ghsa-malware...
CVE-2026-5337
During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference IDOR attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...
EUVD-2026-26818
During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference IDOR attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...
CVE-2026-5337
During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference IDOR attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...
CVE-2026-5337 Frontend File Manager Plugin <= 23.6 - Subscriber+ Arbitrary Download Access via IDOR
During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference IDOR attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly valida...