327 matches found
ROS-20260529-73-0009
The vulnerability in Portainer-Ce is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2026-5434
...
Next.js Framework 12.2.x < 15.5.16 / 16.x < 16.2.5 Information Disclosure
The Next.js Framework on the remote host is affected by an information disclosure vulnerability: - Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /next/data//.json requests...
ROS-20260515-73-0011
A vulnerability in the correlation function of the Grafana monitoring and surveillance platform is related to insufficient access controls. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information...
CVE-2026-44573
Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less...
CVE-2026-44573 Next.js: Middleware / Proxy bypass in Pages Router applications using i18n
Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less...
CVE-2026-44573
CVE-2026-44573 affects Next.js (Pages Router with i18n). From 12.2.0 up to but not including 15.5.16 and 16.2.5, middleware/proxy-based authorization can be bypassed for locale-less /_next/data//.json requests, allowing retrieval of SSR JSON for protected pages without authorization checks. The u...
CVE-2026-44573 Next.js: Middleware / Proxy bypass in Pages Router applications using i18n
Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less...
CVE-2026-43652
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data...
CVE-2025-9987
The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the getsponsoredmeta AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protect...
ROS-20260512-73-0022
A vulnerability in the Core component of the Oracle VM VirtualBox virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to gain access to read, modify, or delete protected information...
ROS-20260512-73-0021
A vulnerability in the Core component of the Oracle VM VirtualBox virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to gain access to read, modify, or delete protected information...
CVE-2026-28930
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data...
CVE-2026-43652
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data...
CVE-2026-43652
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data...
CVE-2026-28930
CVE-2026-28930 affects macOS Tahoe; a permissions issue allowed an app to access protected user data. The RedHat/NCSC/EUVD/NVD/Nessus entries and related feeds confirm the root cause as a permissions restriction, with the resolution being the macOS Tahoe 26.5 security update that applies addition...
CVE-2026-28930
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data...
CVE-2026-28930
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data...
Next.js has a Middleware / Proxy bypass in Pages Router applications using i18n
Impact Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /next/data//.json requests. In affected configurations, middleware does not run for the unprefixed data route, allowing...
ROS-20260507-73-0001
Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...