1801 matches found
Cockpit Web Console < 360 - Remote Code Execution
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...
CVE-2026-39821 affecting package git-lfs for versions less than 3.6.1-3
CVE-2026-39821 affecting package git-lfs for versions less than 3.6.1-3. A patched version of the package is available...
CVE-2026-41918
A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V4.0. The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data...
EUVD-2026-33914
A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V4.0. The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data...
CVE-2026-29181 affecting package etcd for versions less than 3.5.30-2
CVE-2026-29181 affecting package etcd for versions less than 3.5.30-2. A patched version of the package is available...
CVE-2026-39835 affecting package kubernetes for versions less than 1.30.10-25
CVE-2026-39835 affecting package kubernetes for versions less than 1.30.10-25. A patched version of the package is available...
CVE-2026-39821 affecting package kubernetes for versions less than 1.30.10-25
CVE-2026-39821 affecting package kubernetes for versions less than 1.30.10-25. A patched version of the package is available...
CVE-2026-39821 affecting package moby-engine for versions less than 25.0.3-18
CVE-2026-39821 affecting package moby-engine for versions less than 25.0.3-18. A patched version of the package is available...
CVE-2026-39834 affecting package moby-engine for versions less than 25.0.3-18
CVE-2026-39834 affecting package moby-engine for versions less than 25.0.3-18. A patched version of the package is available...
CVE-2026-39827 affecting package moby-engine for versions less than 25.0.3-18
CVE-2026-39827 affecting package moby-engine for versions less than 25.0.3-18. A patched version of the package is available...
CVE-2026-39835 affecting package moby-engine for versions less than 25.0.3-18
CVE-2026-39835 affecting package moby-engine for versions less than 25.0.3-18. A patched version of the package is available...
CVE-2026-39830 affecting package kubernetes for versions less than 1.30.10-25
CVE-2026-39830 affecting package kubernetes for versions less than 1.30.10-25. A patched version of the package is available...
WordPress Support Board plugin < 3.8.9 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Phat RiO in WordPress Plugin Support Board versions 3.8.9...
CVE-2026-40545 Reflected XSS in SOPlanning
SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution in the victim’s browser. This issue affects SOPlanning version 1.55 and below...
WordPress HT Contact Form plugin <= 2.8.2 - Unauthenticated Stored Cross-Site Scripting via File Upload Field vulnerability
Unauthenticated Stored Cross-Site Scripting via File Upload Field vulnerability discovered by Azril Fathoni kiseki - Heroes Cyber Security in WordPress Plugin HT Contact Form 7 versions = 2.8.2...
PT-2026-45356
SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames and password hashes, as well as the config.csv file, which includes additional...
CVE-2026-39828 affecting package kubevirt for versions less than 1.7.1-5
CVE-2026-39828 affecting package kubevirt for versions less than 1.7.1-5. A patched version of the package is available...
CVE-2026-39827 affecting package cert-manager for versions less than 1.12.15-8
CVE-2026-39827 affecting package cert-manager for versions less than 1.12.15-8. A patched version of the package is available...
CVE-2026-39829 affecting package packer for versions less than 1.9.5-14
CVE-2026-39829 affecting package packer for versions less than 1.9.5-14. A patched version of the package is available...
CVE-2026-39821 affecting package influxdb for versions less than 2.7.5-17
CVE-2026-39821 affecting package influxdb for versions less than 2.7.5-17. A patched version of the package is available...