157 matches found
PT-2026-32439
Occasional URL redirection to untrusted Site 'Open Redirect' vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0 through 11.0.18, from 10.1.0 through 10.1.52, from 9.0.0 through 9.0.115, from 8.5.30 through 8.5.100. Other, unsupported...
Apache Tomcat Missing Encryption of Sensitive Data vulnerability
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the...
Missing Authorization
Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Missing Authorization in the admin changelist forms using ModelAdmin.listeditable. An attacker can gain unauthorized access to...
PT-2026-30827
Name of the Vulnerable Software and Affected Versions Apache Kafka versions 3.9.1 and earlier, 4.0.1 and earlier, and 4.1.1 and earlier Description A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics...
CVE-2025-65114
Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue...
CLEANSTART-2026-FQ05951 Security fixes for CVE-2025-0913, CVE-2025-15558, CVE-2025-4673, CVE-2025-47907, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-27141, ghsa-2x5j-vhc8-9cwm, ghsa-37cx-329c-33x3, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-p436-gjf2-799p, ghsa-p84v-gxvw-73pf applied in versions: 3.6.13-r0, 3.6.15-r1, 3.6.18-r0, 3.6.19-r0, 3.6.19-r1, 3.7.0-r0, 3.7.3-r0
Multiple security vulnerabilities affect the argo-workflows-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
Incorrect Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization. Adobe Vulnerability Report:This vulnerability could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass...
Incorrect Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization. Adobe Vulnerability Report:This vulnerability could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass...
PT-2026-21791
Name of the Vulnerable Software and Affected Versions Mautic versions prior to 4.4.19 Mautic versions prior to 5.2.10 Mautic versions prior to 6.0.8 Mautic versions prior to 7.0.1 Description A SQL injection issue exists in the API endpoint used for retrieving contact activities. The vulnerabilit...
CVE-2025-65995
When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values such as secrets, they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issue...
Security update for rekor
This update for rekor fixes the following issues: Security fixes: CVE-2025-58058: Fixed github.com/ulikunitz/xz leaks memory bsc1248910 CVE-2025-29923: Fixed potential out of order responses when CLIENT SETINFO times out during connection establishment bsc1241153 Other fixes: Update to version...
Open Redirect
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Open Redirect via insufficient validation of redirect parameters in the OAuth login flow. An attacker can redirect authenticated users to malicious sites by crafting a specially designed URL...
Security update for postgresql17, postgresql18
This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: Fix build with uring for post SLE15 code streams. Update to 18.1: https://www.postgresql.org/about/news/p-3171/ https://www.postgresql.org/docs/release/18.1/ bsc1253332, CVE-2025-12817: Missing check f...
SUSE-SU-2026:20357-1 Security update for elemental-toolkit, elemental-operator
This update for elemental-toolkit, elemental-operator fixes the following issues: elemental-operator: - Update to v1.7.4: Bump github.com/rancher-sandbox/go-tpm and its dependencies This bump includes few CVE fixes: bsc1241826 CVE-2025-22872 bsc1241857 CVE-2025-22872 bsc1251511 CVE-2025-47911...
File Inclusion tar-fs Dependency in Confluence Data Center and Server
This High severity File Inclusion vulnerability known as CVE-2025-59343 was introduced in version 7.19 of Confluence Data Center and Server. This File Inclusion vulnerability, with a CVSS Score of 8.7 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N allows an...
CVE-2025-66169
Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0 Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0...
CVE-2025-66169 Apache Camel Neo4j: Cypher injection vulnerability in Camel-Neo4j component
Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0 Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0...
PT-2026-2216
Name of the Vulnerable Software and Affected Versions Ghost versions 5.105.0 through 5.130.5 Ghost versions 6.0.0 through 6.10.3 Description Ghost is a Node.js content management system. A flaw in Ghost’s 2FA mechanism permits staff users to bypass email 2FA. The issue affects the two-factor...
CVE-2025-15437
LigeroSmart (up to 6.1.24) has a cross-site scripting vulnerability in the Environment Variable Handler, triggered by manipulation of the REQUEST_URI argument. The attack can be initiated remotely and an exploit has been publicly disclosed. Remediation: upgrade to LigeroSmart 6.1.26 or 6.3; patch...
CVE-2025-68113
ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to...