33 matches found
[SECURITY] Fedora 44 Update: netatalk-4.4.3-1.fc44
Netatalk is a freely-available Open Source AFP file server. A NIX/BSD system running Netatalk is capable of serving many Macintosh clients simultaneously as an AppleShare file server AFP. In addition to the AFP file server daemon, the following utility programs are also included: ad - AppleDouble...
CVE-2026-32114
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...
CVE-2026-32114 Discourse's unscoped status lookups leak restricted metadata
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...
CVE-2026-32114
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...
EUVD-2026-13526
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...
CVE-2026-32114 Discourse's unscoped status lookups leak restricted metadata
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...
CVE-2026-1371 Tutor LMS <= 3.9.5 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the ajaxcoupondetails function, which only validates nonces but does not verify use...
EUVD-2002-2036
Malware in sbrugna...
CVE-2025-10499
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...
CVE-2025-10499
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...
CVE-2025-10499 Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...
CVE-2025-10499 Ninja Forms – The Contact Form Builder That Grows With You <= 3.12.0 - Cross-Site Request Forgery to Plugin Settings Update
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.12.0. This is due to missing or incorrect nonce validation on the maybeoptin function. This makes it possible for unauthenticated...
PT-2025-39706
Name of the Vulnerable Software and Affected Versions Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress versions prior to 3.12.1 Description The software is susceptible to a Cross-Site Request Forgery CSRF issue. This is caused by inadequate or missing nonce validati...
PT-2025-26600 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2025.03.3 Description: The issue allows for reflected XSS on the "diskUsageBuildsStats" page. Recommendations: For versions prior to 2025.03.3, update to version 2025.03.3 or later to resolve the issue...
CVE-2002-2058
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'...
com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=1.1.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=1.0.0 <=5.2.1) +12 more potentially affected by CVE-2025-46827 via org.graylog2:graylog2-server (>=1.0.0-beta.3 <=6.0.13)
org.graylog2:graylog2-server MAVEN version =1.0.0-beta.3, =1.1.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =2.2.0, =1.1.0, =2.2.0, =2.2.0, =1.0.3, =1.0.0, =1.2.0, =1.3.4 Source cves: CVE-2025-46827 Source advisory: OSV:GHSA-76VF-MPMX-777J...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats) security update
An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform 16.2.5 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (collectd-libpod-stats) security update
An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Lark Technologies: Normal User is able to EXPORT Feature Usage Statistics
A vulnerability was found where certain Lark endpoints did not properly validate user permissions, allowing a low-privileged user to generate and download usage statistics information. We thank @aishkendle for reporting this to our team...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure. The site-admin area can be accessed by regular users. Unprivileged users can have access to daily usage statistics and code intelligence uploads and indexes. It is not possible to alter the information, nor interac...