CVE-2026-6873
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.get_signed_cookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...
CVE-2026-47325
ProjectsAndPrograms school-management-system uses predictable credentials by generating students' and teachers' passwords solely from the user's date of birth, e.g., 12072000 for 12 July 2000. The application does not require or prompt users to change the password upon first login. This behavior...
ROOT-APP-MAVEN-CVE-2026-40973 CVE-2026-40973 in io.root.org.springframework.boot:spring-boot - Patched by Root
Root has patched CVE-2026-40973 in the io.root.org.springframework.boot:spring-boot package for Root:Maven. Multiple fixed versions available...
vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass
A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...
ROOT-OS-UBUNTU-2404-CVE-2026-43069 CVE-2026-43069 in rootio-linux - Patched by Root
Root has patched CVE-2026-43069 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-68172 CVE-2025-68172 in rootio-linux - Patched by Root
Root has patched CVE-2025-68172 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2026-43220 CVE-2026-43220 in rootio-linux - Patched by Root
Root has patched CVE-2026-43220 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2026-23413 CVE-2026-23413 in rootio-linux - Patched by Root
Root has patched CVE-2026-23413 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-38565 CVE-2025-38565 in rootio-linux - Patched by Root
Root has patched CVE-2025-38565 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2025-39677 CVE-2025-39677 in rootio-linux - Patched by Root
Root has patched CVE-2025-39677 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2026-23164 CVE-2026-23164 in rootio-linux - Patched by Root
Root has patched CVE-2026-23164 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2026-43194 CVE-2026-43194 in rootio-linux - Patched by Root
Root has patched CVE-2026-43194 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2026-43471 CVE-2026-43471 in rootio-linux - Patched by Root
Root has patched CVE-2026-43471 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
USN-8375-1: nginx vulnerabilities
It was discovered that the nginx ngx_mail_smtp_module module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server. (CVE-2025-53859) It was discovered that nginx incorrectly handled...
Navidrome <=0.54.5 - Authentication Bypass in Subsonic API
Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...
WordPress Toolbar <= 2.2.6 - Open Redirect
The plugin redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2023-6389 info: name: WordPress Toolbar <= 2.2.6 - Open Redirect...
WooCommerce Ultimate Gift Card ≤ 2.6.0 - Arbitrary File Upload
The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and including, 2.6.0. This makes it possible for...
Stable Diffusion Webui 1.10.0 - Open Redirect
An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-11044...
CVE-2025-14774
creationtimestamp | type | source
---|---|---
2026-06-03 06:01:01+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/control-systems-abb-security-advisory-av26-545
2026-06-03 13:20:55+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnf77v6mex2u
...
PT-2026-45947
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.get_signed_cookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one...