1708 matches found
CVE-2026-41154
CVE-2026-41154 : The issue affects the GPU DDK in the CMA Cleanup Path of AllocOSPages_Sparse. When indexing pages larger than 4kB in the sparse memory page-freeing logic, an incorrect buffer indexing leads to out-of-bounds (OOB) reads/writes in kernel memory, exposed to software running as a non...
AI SEO/GEO Analyzer - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-076
The AI SEO/GEO Analyzer module generates SEO/GEO analysis reports by sending content of an entity including its comments to an LLM, then converts the model's Markdown response to HTML and stores it for display to privileged users. The generated HTML was rendered without passing through Drupal's...
Ray Enterprise Translation - Moderately critical - Cross site request forgery - SA-CONTRIB-2026-071
The Lingotek Ray Enterprise Translation provides multilingual site management. The module fails to protect several state-changing administrative routes against Cross Site Request Forgery attacks. An attacker could trick a privileged user into visiting a crafted page that triggers actions such as...
PT-2026-56660
Name of the Vulnerable Software and Affected Versions Ray Enterprise Translation versions 0.0.0 through 4.0.4 Ray Enterprise Translation versions 4.1.0 through 4.1.4 Ray Enterprise Translation versions 11.0.0 through 11.0.4 Description Cross-Site Request Forgery CSRF occurs when a module fails to...
CVE-2026-48947
An improper access check allows privileged users to overwrite media files without editing permissions...
CVE-2026-48947
An improper access check allows privileged users to overwrite media files without editing permissions...
CVE-2026-48947 Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints
An improper access check allows privileged users to overwrite media files without editing permissions...
CVE-2026-48947
An improper access check allows privileged users to overwrite media files without editing permissions...
EUVD-2026-42069
An improper access check allows privileged users to overwrite media files without editing permissions...
CVE-2026-48947 Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints
An improper access check allows privileged users to overwrite media files without editing permissions...
PT-2026-56220
Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description An improper access check in the com media webservice endpoints allows privileged users to overwrite media files even if they lack the necessary editing permissions. Recommendations At th...
CVE-2026-13384
CVE-2026-13384 is an Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent. An authenticated privileged user could remotely execute arbitrary code via specially crafted requests to the Management Web UI. Affected: Fireware OS 12.1–12.12 and 2025.1–2026.2. CVSS details indicate netwo...
CVE-2026-56149
Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...
CVE-2026-58036 Users API leaks whether privileged users have their user groups disabled for lack of 2FA
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php,...
Linux Distros Unpatched Vulnerability : CVE-2026-53236
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks...
tcp: restrict SO_ATTACH_FILTER to priv users
...
SUSE CVE-2026-53249
In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPTSSRR and IPOPTLSRR options This patch restricts setting Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP options to users with CAPNETRAW capability. This prevents unprivileged...
CVE-2020-37256 Grav - Cross-Site Scripting in Admin Plugin Page Editor
Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access...
CVE-2026-53236
In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks potential side-channel attack where an unprivileged application...
CVE-2026-53236
CVE-2026-53236 affects the Linux kernel where a patch restricts SO_ATTACH_FILTER (cBPF) usage on TCP sockets to CAP_NET_ADMIN, mitigating a potential side-channel leaking TCP sequence/ACK data. Debian/Ubuntu entries show patches across newer kernel builds (e.g., Linux 6.1 series with 6.1.176-1~de...