3209 matches found
CVE-2026-54733
creationtimestamp| type| source ---|---|--- 2026-07-16 16:15:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqrn26pxli2a 2026-07-16 16:48:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqrou4dsoi2o 2026-07-17 17:12:45+00:00| seen|...
CVE-2016-5181
creationtimestamp| type| source ---|---|--- 2026-07-16 13:00:04+00:00| seen| https://t.me/KaitNews/312 2026-07-17 00:00:51+00:00| seen| https://t.me/KaitNews/312...
openSUSE 16: helm / helm-bash-completion / helm-fish-completion / etc (openSUSE-SU-2026:21331-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:21331-1 advisory. This update for helm fixes the following issue - CVE-2026-48978: oras.land/oras-go/v2/registry/remote/auth: malicious registry can hijack Bearer token...
CVE-2026-54560
Cloudreve is a self-hosted file management and sharing system. From 4.12.0 until 4.16.1, Cloudreve's OAuth access tokens are issued without the OAuth clientid claim, so the JWT verifier does not load token scopes into request context and RequiredScopes treats the request like non-scoped session...
EUVD-2026-44689
Cloudreve is a self-hosted file management and sharing system. From 4.12.0 until 4.16.1, Cloudreve's OAuth access tokens are issued without the OAuth clientid claim, so the JWT verifier does not load token scopes into request context and RequiredScopes treats the request like non-scoped session...
CVE-2026-54560 Cloudreve: OAuth access tokens bypass scope enforcement due to missing client_id claim
Cloudreve is a self-hosted file management and sharing system. From 4.12.0 until 4.16.1, Cloudreve's OAuth access tokens are issued without the OAuth clientid claim, so the JWT verifier does not load token scopes into request context and RequiredScopes treats the request like non-scoped session...
EUVD-2026-44687
Cloudreve is a self-hosted file management and sharing system. Prior to 4.16.1, Cloudreve's remote download workflow accepts user-supplied URLs at POST /api/v4/workflow/download and passes them to the configured downloader without blocking loopback, localhost, IPv6 localhost, or...
CVE-2026-54562
Cloudreve CVE-2026-54562 affects the self-hosted file management system. Prior to version 4.16.1, the remote download workflow at POST /api/v4/workflow/download passes user-supplied URLs to the downloader without blocking loopback/localhost/IPv6 localhost or redirect-to-loopback targets. This all...
Oracle Linux 10 : postgresql16 (ELSA-2026-19010)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19010 advisory. 16.13-1.0.1 - Replace upstream reference Orabug: 37044148 Tenable has extracted the preceding description block directly from the Oracle Linux securi...
CVE-2026-58475 Sustainable Irrigation Platform 5.2.16 Stored XSS via Program Name
Sustainable Irrigation Platform SIP through version 5.2.16 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject arbitrary JavaScript by supplying malicious script payloads within program names submitted via HTTP requests. Attackers can exploit the...
openSUSE 16 Security Update : tiff (openSUSE-SU-2026:21289-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21289-1 advisory. This update for tiff fixes the following issues - CVE-2026-12912: heap-based buffer overflow when processing crafted PixarLog-compressed TIFF...
openSUSE 16 Security Update : perl-DBI (openSUSE-SU-2026:21293-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21293-1 advisory. This update for perl-DBI fixes the following issues - CVE-2026-14380: unvalidated string eval interpolation of the Profile package name can lead...
openSUSE 16: apache2-mod_php8 / php8 / php8-bcmath / php8-bz2 / php8-calendar / etc (openSUSE-SU-2026:21308-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21308-1 advisory. This update for php8 fixes the following issues - Update to versio 8.4.23 - CVE-2026-14355: The AES-WRAP-PAD algorithm implementation in OpenSSL...
openSUSE 16 Security Update : python-cryptography (openSUSE-SU-2026:21294-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21294-1 advisory. This update for python-cryptography fixes the following issues - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow shor...
openSUSE 16: agama / agama-autoinstall / agama-cli / agama-cli-bash-completion / etc (openSUSE-SU-2026:21292-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21292-1 advisory. This update for agama fixes the following issues - CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an...
CVE-2026-13221 Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk
Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perlstudychunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored ...
Security update for agama (important)
openSUSE security update: security update for agama ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21292-1 Rating: important References: bsc1270526 bsc1270602 bsc1270678 bsc1270784 bsc1270850 bsc1270891 bsc1270992 Cross-References: CVE-2026-41677...
openSUSE 16 Security Update : rust-keylime (openSUSE-SU-2026:21274-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21274-1 advisory. Update to version 0.2.9+49. Security issues fixed: - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on...
CVE-2026-58503
Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeration could be performed via the resetpassword endpoint. This issue is fixed in versions 16.16.0 and 15.106.0...
CVE-2026-42219 Frappe: Path Traversal via /backups Route
Frappe is a full-stack web application framework. Prior to 16.19.0 and 15.109.0, path traversal via downloadbackups was possible due to lack of hardening. This issue is fixed in versions 16.19.0 and 15.109.0...