580 matches found
EUVD-2026-33875
A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...
CVE-2026-3279 Enable jQuery Migrate Helper <= 1.4.1 - Missing Authorization to Authenticated (Subscriber+) jQuery Version Downgrade
The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the downgradejqueryversion function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user...
WordPress Reisen theme <= 1.4.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Reisen versions = 1.4.1...
CVE-2026-41512
ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in BrowserAutomation::PlaywrightService. This issue has been patched in version 1.4.1...
CVE-2026-41512 Remote code execution via JavaScript injection in `BrowserAutomation::PlaywrightService`
ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in BrowserAutomation::PlaywrightService. This issue has been patched in version 1.4.1...
CVE-2026-41512
ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in BrowserAutomation::PlaywrightService. This issue has been patched in version 1.4.1...
CVE-2026-41512
ai-scanner (built on NVIDIA garak) contains a remote code execution vulnerability in versions 1.0.0 up to before 1.4.1, caused by JavaScript injection in BrowserAutomation::PlaywrightService. A patch is available in v1.4.1. CVSSv3.1 metrics in the entry indicate a CRITICAL base score (9.9) with n...
Fedora 44 : pie (2026-7acc0ad1fc)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7acc0ad1fc advisory. Version 1.4.1 - Update bundled Composer to 2.9.7 ---- Version 1.4.0 New features! - Prompt to install missing system dependencies - Prompt to install build...
WordPress Metro Magazine theme <= 1.4.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Metro Magazine versions = 1.4.1...
[SECURITY] Fedora 43 Update: pie-1.4.1-1.fc43
PIE PHP Installer for Extensions. PIE can install an extension to any installed PHP version. A list of extensions that support PIE can be found on https://packagist.org/extensions. Documentation: /usr/share/doc/pie/docs/usage.md...
Fedora 43 : pie (2026-3f4283f831)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3f4283f831 advisory. Version 1.4.1 - Update bundled Composer to 2.9.7 ---- Version 1.4.0 New features! - Prompt to install missing system dependencies - Prompt to install build...
WordPress Eldon theme <= 1.4.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Eldon versions = 1.4.1...
Linux Distros Unpatched Vulnerability : CVE-2026-32726
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypas...
Linux Distros Unpatched Vulnerability : CVE-2026-32725
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypas...
SUSE CVE-2026-32725
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses "....
DEBIAN-CVE-2026-32725
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses "....
DEBIAN-CVE-2026-32726
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...
CVE-2026-32725
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses "....
CVE-2026-32726
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...
UBUNTU-CVE-2026-32726
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...