48706 matches found
CVE-2026-53099
A flaw was found in the Linux kernel. The issue arises from an incorrect configuration option for Control-Flow Integrity CFI, a security mechanism designed to prevent certain types of attacks. Due to a naming change, the CFI code was not properly compiled, leading to its intended protections not...
Mitel MiCollab - Authentication Bypass
A vulnerability in the NuPoint Unified Messaging NPM component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the...
PT-2026-52517
Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description The tarball extraction worker in the pnpm package manager fails to perform integrity verification when the integrity field is missing from the lockfile resolution. This...
PT-2026-52602
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description PKCS12 MAC verification uses a comparison length controlled by an attacker, which weakens the integrity check on the Message Authentication Code MAC and allows a...
PT-2026-52518
Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description When running pnpm install in non-frozen mode, the package manager may accept new remote package content even after detecting that the downloaded tarball does not match th...
DEBIAN-CVE-2026-39894
Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...
CVE-2026-39894
Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...
UBUNTU-CVE-2026-39894
Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...
CVE-2026-39894
CVE-2026-39894 affects Cacti (≤ 1.2.30). Locale-dependent decimal formatting in rrdtool_function_update() uses PHP string interpolation for metric values after is_numeric(), so a value like 1.5 may be rendered as 1,5 under LC_NUMERIC with a comma decimal. RRDtool expects a dot, causing metric dat...
CVE-2026-39894 Cacti: RRDtool metric shift via LC_NUMERIC locale comma decimal formatting
Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...
CVE-2026-39894
Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...
CVE-2026-12770
A flaw was found in BerriAI litellm. A remote attacker could exploit an improper authorization vulnerability within the Admin Key Handler component. This could allow the attacker to perform unauthorized actions, leading to limited impacts on data integrity and service availability...
EUVD-2026-38967
In the Linux kernel, the following vulnerability has been resolved: bpf: Switch CONFIGCFICLANG to CONFIGCFI This was renamed in commit 23ef9d439769 "kcfi: Rename CONFIGCFICLANG to CONFIGCFI" as it is now a compiler-agnostic option. Using the wrong name results in the code getting compiled out...
Astra Linux – Vulnerability in grub2
A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory use-after-free issue, occurs because the normalexit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: BPF: crypto: Use the correct destructor kfunc type With CONFIGCFI enabled, the kernel strictly ensures that indirect function calls use a function pointer type that matches the target function. I encountered the following type...
CVE-2026-56351
n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply...
CVE-2026-56244
CVE-2026-56244 (Capgo) affects Capgo prior to 12.128.2. The issue arises because non-admin API keys can read webhook signing secrets via Supabase REST due to insufficient row-level security on the webhooks table. This enables attackers to retrieve the webhook secret and forge valid X-Capgo-Signat...
LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents
A flaw was found in LibreOffice. A remote attacker could exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted OOXML Office Open XML document with mismatched encryption salt parameters. This could lead to a denial of service DoS, making the application...
EUVD-2026-38631
Fortra File Integrity Monitoring FIM, formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting XSS vulnerability in the Asset View UI component. An authenticated user with sufficient privileges to create or modify affected node or database configuration fields...
EUVD-2026-38636
Fortra File Integrity Monitoring FIM, formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission...