87011 matches found
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the pprof endpoint. An attacker can obtain sensitive authentication tokens by sending unauthenticated requests to the /debug/pprof/cmdline endpoint and subsequently use the leaked token to gain unauthorized...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the pprof endpoint. An attacker can obtain sensitive authentication tokens by sending unauthenticated requests to the /debug/pprof/cmdline endpoint and subsequently use the leaked token to gain unauthorized...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the pprof endpoint. An attacker can obtain sensitive authentication tokens by sending unauthenticated requests to the /debug/pprof/cmdline endpoint and subsequently use the leaked token to gain unauthorized...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the pprof endpoint. An attacker can obtain sensitive authentication tokens by sending unauthenticated requests to the /debug/pprof/cmdline endpoint and subsequently use the leaked token to gain unauthorized...
CVE-2026-40500 ProcessWire CMS SSRF via Add Module From URL
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...
CVE-2026-40173
Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line...
CVE-2026-40173 Dgraph: Unauthenticated pprof endpoint leaks admin auth token
Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line...
CVE-2026-40173
Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line...
CVE-2026-40173 Dgraph: Unauthenticated pprof endpoint leaks admin auth token
Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line...
CVE-2026-40173
Dgraph (Open Source GraphQL DB) versions
CVE-2026-32893
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting XSS vulnerability in the exercise question list admin panel allows an attacker to execute arbitrary JavaScript in an authenticated teacher's browser. The pagination code merges all $GET parameters v...
CVE-2026-32196
Improper neutralization of input during web page generation 'cross-site scripting' in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-22973
A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...
EUVD-2026-22963
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: tomcat10: tomcat10-10.1.54-1.hum1 noarch tomcat10-admin-webapps-10.1.54-1.hum1 noarch tomcat10-common-10.1.54-1.hum1 noarch tomcat10-docs-webapp-10.1.54-1.hum1 noarch...
CVE-2026-20180
A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...
CVE-2026-20078
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...
CVE-2026-20203
In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a low-privileged user that does not hold the admin or power Splunk roles, has write permission on...
CVE-2026-20180
Cisco Identity Services Engine (ISE) contains a remote code execution vulnerability (CVE-2026-20180) that can be exploited by an authenticated attacker with at least Read Only Admin credentials. The issue stems from insufficient validation of user-supplied input, allowing a crafted HTTP request t...
CVE-2026-20186 Cisco Identity Services Engine Multiple Authenticated Remote Code Execution Vulnerability
A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...