500 matches found
PT-2026-57268
Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.0 Description An authenticated user can silently cancel pending asset requests of another user due to insufficient authorization. This occurs when the system processes the cancel by admin URL path segment in the...
EUVD-2026-41995
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...
PT-2026-56279
Name of the Vulnerable Software and Affected Versions Cap affected versions not specified Description The 'GET /api/video/ai' endpoint fails to validate user ownership or membership. This allows authenticated attackers to provide arbitrary video IDs to access private AI metadata, such as titles,...
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 CVSS score: 9.8, a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header...
UBUNTU-CVE-2026-14790
A flaw has been found in GPAC 26.02.0. This affects the function nhmldumpsendframe of the file src/filters/writenhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been published and may be...
CVE-2026-57352
Unauthenticated Broken Authentication in ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce = 2.2.0 versions...
CVE-2026-54262
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in...
CVE-2026-53903
MCO is vulnerable to an Insecure Direct Object Reference IDOR vulnerability in the /customer/servlet/mco/webapi/trading-document/fetchPdfStatement endpoint. The application does not properly validate whether an authenticated user is authorized to access a requested document, allowing direct...
CVE-2026-11779
Technical details about CVE-2026-11779 are not publicly available in the provided documents. Monitor for updates.
PT-2026-52205
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 13.6 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description Incorrect authorization checks in the group packages feature allow an authenticated user with...
Dell Wyse Management Suite < 2605 Multiple Vulnerabilities (DSA-2026-247)
The version of Dell Wyse Management Suite installed on the remote host is prior to 2605. It is, therefore, affected by multiple vulnerabilities, including: - Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command...
RHEL 9 : redis (RHSA-2026:28139)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28139 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...
PT-2026-51208
Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description An authentication bypass exists in the SSO Debug Flow component. A remote attacker can manipulate the json.dumps function within the file litellm/proxy/management endpoints/ui sso.py, which...
xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat
An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...
CVE-2026-39518
Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...
ROS-20260615-73-0021
The vulnerability of the xfAppUpdateWindowFromSurface function in the RDP client FreeRDP relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
EUVD-2026-35804
Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issu...
CVE-2026-47352
Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.50, 12.0.0-12.4.45,...
Dell Inventory Collector Client 安全漏洞
Dell Inventory Collector Client is a terminal asset inventory tool developed by the American company Dell. Versions of Dell Inventory Collector Client prior to version 13.8.0 contained security vulnerabilities. These vulnerabilities were caused by improper link resolution before file access, whic...
CVE-2026-11191
An out of bounds memory access flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=503392431...