851 matches found
PT-2026-38281
Name of the Vulnerable Software and Affected Versions azureauthextension versions 0.124.0 through 0.150.0 Description A server-side authentication bypass exists in the azureauthextension when used by an OpenTelemetry receiver with auth: azure auth. The Authenticate function fails to validate...
RHCOS 3 : OpenShift Container Platform 3.11.685 (RHSA-2022:1420)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1420 advisory. - xstream: Injecting highly recursive collections or maps can cause a DoS CVE-2021-43859 - workflow-cps: OS command execution throug...
exiftool-vendored vulnerable to argument injection via newline characters in tag names
Impact exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return inside one of tho...
Linux Distros Unpatched Vulnerability : CVE-2026-40706
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfsbuildpermissionsposix in acls.c that allows an attacker to corrupt heap memory in th...
Mobatek MobaXterm 安全漏洞
Mobatek MobaXterm is a terminal software developed by the French company Mobatek. It integrates an enhanced terminal, X servers, and Unix command sets GNU/Cygwin. The Mobatek MobaXterm Home Edition 26.1 and earlier versions have security vulnerabilities. These vulnerabilities stem from an unknown...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...
CVE-2026-34370
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated student to read the private course notes of any other user on the platform by manipulating t...
CVE-2026-34370
Chamilo LMS is affected in versions prior to 2.0.0-RC.3 by an IDOR in the Notebook module. An authenticated student can read another user’s private notes by altering notebook_id in the editnote action. The read path get_note_information() does not verify ownership, while write paths have ownershi...
CVE-2026-4913
Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled...
CVE-2025-65135
CVE-2025-65135 affects manikandan580 School-management-system 1.0. The issue is a time-based blind SQL injection in /studentms/admin/between-date-reprtsdetails.php exploitable via the fromdate POST parameter. According to the data, the vulnerability has CVSS v3.1: Critical (Base Score 9.8) with n...
ClearanceKit 安全漏洞
ClearanceKit is a macOS file system access control tool developed by Craig J. Bass. Versions of ClearanceKit prior to 5.0.4-beta-1f46165 contained security vulnerabilities. These vulnerabilities stemmed from the endpoint security event handler only checking the source path for double-path...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through the logout handler in airflow-core/src/airflow/apifastapi/coreapi/routes/public/auth.py and the token validation path in airflow-core/src/airflow/apifastapi/auth/managers/baseauthmanager.py. An...
Security update for python-poetry
This update for python-poetry fixes the following issue: CVE-2026-34591: From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write bsc1261383. Patch Instructions: To install this SUSE upda...
CVE-2026-35463
Pyload/pyload-ng (CVE-2026-35463) exposes a remote code execution path when the AntiVirus plugin’s executable path (avfile) and arguments are user-configurable. The ADMIN_ONLY_OPTIONS protection applies to core config but not to plugin config, allowing a non-admin user with SETTINGS permission to...
Endian Firewall remark parameter cross-site scripting vulnerability
Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall remark parameter, which stems from improper handling of the remark parameter in /manage/password/web/, and can be exploited by an attacker to inject malicious scri...
CVE-2026-34787 Emlog: Local File Inclusion in plugin.php via unsanitized plugin parameter
Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion LFI vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a requireonce path without proper sanitization. If the CSRF token check can ...
Permissive Regular Expression
Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...
EUVD-2026-17679
Claude SDK for TypeScript: Memory Tool Path Validation Allows Sandbox Escape to Sibling Directories...
Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1507)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1507 advisory. Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.5, Fulcio's metaRegex function uses unanchored regex, allowing attacke...