1975 matches found
CVE-2026-49274
CVE-2026-49274 affects Kirby CMS prior to versions 4.9.4 and 5.4.4. When the pages field is used and a role has pages.access disabled, authenticated users could supply an inaccessible parent page or site to the page picker backend, enabling confirmation of page existence and retrieval of title fi...
CVE-2026-59225 Open WebUI: Arena task endpoints can bypass underlying model access controls
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...
CVE-2026-50644
SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker holding parametersall rights can inject SQL commands into the audit configuration form which is then saved. The execution is triggered when the audit functionality is accessed by the attacker or another...
CVE-2026-59723
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOMSECRET is unset for loc...
CVE-2026-54780 CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference...
CVE-2026-57481
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.13 and 8.6.83, a LiveQuery subscriber could receive object field values they were not authorized to read when a single save changed both an object field and the subscriber'...
CVE-2026-35210
Summary: OpenCTI prior to version 7.260326.0 contains an authorization bypass via the synchronized-upsert: true HTTP header, exploitable by any authenticated user with KNOWLEDGE_KNUPDATE permission. This allows bypassing Confidence Level validation and Object Marking restrictions, enabling attack...
CVE-2026-59947
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...
CVE-2026-58210
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an unauthenticated MQTT client could cause the server to retain large incomplete MQTT CONNECT packets before authentication completed, consuming server memory while the...
CVE-2026-58211
CVE-2026-58211 affects NATS Server. A vulnerable path allows a client to be registered as the configured no_auth_user via a parser path when the first client operation is not CONNECT, bypassing user-level connection restrictions such as allowed_connection_types or proxy_required. This could enabl...
CVE-2026-58213 NATS Server: MQTT SUBSCRIBE Protocol Injection via Leaf Node/Route Forwarding allows arbitrary NATS command injection
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupti...
CVE-2026-58250
CVE-2026-58250 affects NATS Server: an unauthenticated peer with access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by sending repeated leafnode INFO messages. The issue is fixed in versions 2.12.8 and 2.11.17 . Exploitat...
CVE-2026-58251 NATS Server: Queue Subscribe Authz Bypass
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny...
CVE-2026-59947 Composer: URL-embedded HTTP-Basic username leaks to verbose logs (GitHub PAT exposure)
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...
CVE-2026-59947 Composer: URL-embedded HTTP-Basic username leaks to verbose logs (GitHub PAT exposure)
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...
EUVD-2026-42297
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...
PT-2026-56612
Name of the Vulnerable Software and Affected Versions etcd versions prior to 3.5.32 etcd versions prior to 3.6.13 Description etcd is a distributed key-value store for the data of a distributed system. When configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto...
PT-2026-56562
Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description An authenticated MQTT client can subscribe to the internal $MQTT.deliver.pubrel subject family. This action allows the client to bypass configured subscribe...
PT-2026-56506
Name of the Vulnerable Software and Affected Versions Hono versions 4.11.8 through 4.12.26 Description During server-side rendering, the hono/jsx module fails to isolate context values on a per-request basis. This allows data from a different in-flight request to be accessed after an await...
PT-2026-56583
Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description A flaw exists where a client can be registered as the configured no auth user via a parser path triggered when the initial client operation is not CONNECT...