82222 matches found
CVE-2026-13083
A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...
CVE-2026-13083
CVE-2026-13083 concerns the Pen Drive report generator, where cluster-sourced data is rendered into HTML reports without proper escaping or sanitization, enabling stored XSS. An attacker with cluster administrator privileges can inject XSS payloads into cluster objects (e.g., ClusterVersion spec....
DEBIAN-CVE-2026-40084
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report formatfile Parameter, causing arbitrary file read. This vulnerability occurs in two stages. In the first stage stored injection, lib/htmlreports.php at...
CVE-2026-40084
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report formatfile Parameter, causing arbitrary file read. This vulnerability occurs in two stages. In the first stage stored injection, lib/htmlreports.php at...
CVE-2026-40084 Cacti: Arbitrary File Read via Path Traversal in Report `format_file` Parameter
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report formatfile Parameter, causing arbitrary file read. This vulnerability occurs in two stages. In the first stage stored injection, lib/htmlreports.php at...
GO-2026-5409 Grafana: SQL Expressions Read File From Disk in github.com/grafana/grafana
Grafana: SQL Expressions Read File From Disk in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 15, 2026 to June 21, 2026)
Last week, there were 147 vulnerabilities disclosed in 127 WordPress Plugins and 2 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 85 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
CVE-2026-28701
creationtimestamp| type| source ---|---|--- 2026-06-25 17:15:07+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-04 2026-06-26 23:55:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpa5fuicyu2l 2026-06-27 00:00:43+00:00| seen|...
CVE-2026-11379
creationtimestamp| type| source ---|---|--- 2026-06-25 05:45:29+00:00| seen| https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities20260625 2026-06-25 06:01:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp3qvr4vl42z 2026-06-25 12:00:27+00:00| seen|...
PT-2026-52627
Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. A path traversal issue allows for arbitrary file read through the Report format file parameter. The process occurs in two stages:...
PT-2026-52630
Name of the Vulnerable Software and Affected Versions Pen Drive report generator affected versions not specified Description An issue exists where cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. This allows an attacker with cluster administrator...
Malicious code in rstreams-shard-util (npm)
The rstreams-shard-util npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the...
CVE-2026-45677
creationtimestamp| type| source ---|---|--- 2026-06-24 22:31:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp2xrisplq2o...
UBUNTU-CVE-2026-2050
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
CVE-2026-2050
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
CVE-2026-52966
In the Linux kernel, the following vulnerability has been resolved: drm: Replace old pointer to new idr Commit 5e28b7b94408 introduced a logical error by failing to replace the newly generated IDR pointer to old id's pointer at the correct location within the "change handle" logic; this resulted ...
CVE-2026-52959
The CVE-2026-52959 issue affects the Linux kernel SEV guest module. During an extended guest request (SVM_VMGEXIT_EXT_GUEST_REQUEST), get_ext_report() allocates a buffer for a host certificate blob and stores its size in report_req->certs_len. The host may return SNP_GUEST_VMM_ERR_INVALID_LEN ...
CVE-2026-52950 drm/xe/dma-buf: fix UAF with retry loop
In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now that we do the alloc & init before the attach, we can now combine this as one unit and have the init d...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: dsa: Free routing table on probe failure If complete is set to true in dsatreesetup, it means that we are the last switch in the tree that is being probed successfully. We should then set up all switches along our probe path...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: dm: fixed the unlocked test for dmsuspendedmd. The function dmblkreportzones checks whether the device is suspended using the dmsuspendedmd call. However, this function is called without holding any locks, so the device may be...