Linux Distros Unpatched Vulnerability : CVE-2026-44825

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attack...

CVE-2026-44848

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints /plugins/ were not registered...

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via improper handling of user roles in the api process. An attacker can gain unauthorized administrative privileges by sending crafted requests after authenticating as a regular user. Remediation Upgrade...

CVE-2026-9614

An Improper Access Control vulnerability in Ivanti Neurons for ITSM cloud and on-premises allows a remote authenticated attacker to gain administrative access...

CVE-2026-9614

An Improper Access Control vulnerability in Ivanti Neurons for ITSM cloud and on-premises allows a remote authenticated attacker to gain administrative access...

CVE-2026-9614

An Improper Access Control vulnerability in Ivanti Neurons for ITSM cloud and on-premises allows a remote authenticated attacker to gain administrative access...

CVE-2026-45279

Nextcloud Server versions 31.0.0–31.0.13 and 32.0.0–32.0.3 are affected when {lang} is used in the template directory config value. Non-admin users can in some cases copy arbitrary files into their own Nextcloud directory via a path traversal, depending on Unix permissions. Impact is described as...

Security Advisory Ivanti Neurons for ITSM (CVE-2026-9614)

Ivanti has released updates for Ivanti Neurons for ITSM which addresses one high severity vulnerability. Successful exploitation could lead to authenticated privilege escalation to an administrator. We are not aware of any customers being exploited by this vulnerability at the time of disclosure...

Insecure Default Initialization of Resource

Overview org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in the Basic Authentication setup bin/solr auth enable tool. An attacker can gain full...

CVE-2026-25600 Credential Exposure Vulnerability in Trac PDBM

The PDBM application relies on a static, hard‑coded secret embedded in the PDBM.exe executable. This secret is used by the application’s encryption routines, including the function responsible for decrypting credentials stored in the product’s configuration file. Because the secret is constant...

CVE-2026-49157

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...

CVE-2026-44825 Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users

Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...

CVE-2026-44825

Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...

EUVD-2026-33574

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...

PT-2026-45381

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.7 Apache ActiveMQ versions 6.0.0 through 6.2.5 Description Incorrect default permissions in Jolokia authorization settings allow authenticated low-privilege web-login accounts to access operations intende...

Apache ActiveMQ 安全漏洞

Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ, which stems from improper default Jolokia authorization...

Apache Solr 安全漏洞

Apache Solr is a search server based on Lucene, developed by the Apache Foundation in the United States. This product supports faceted searching, vertical searching, and highlighting search results. Vulnerabilities exist in Apache Solr versions 9.4.0 through 9.10.1, as well as 10.0.0, due to...

CVE-2026-41859 - Missing TLS in NATS sync | Cloud Foundry

CVSS Score: High 7.1 CVSSv4: High 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:H/SA:H CVSSv3: High 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Vendor Cloudfoundry Foundation / BOSH Versions Affected Severity is High unless otherwise noted. BOSH – All versions prior to v282.1....

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.Investimentos is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.PagamentosPix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...