3464 matches found
GNUnet P2P Framework 0.26.2
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...
Drupal Core - Anonymous SQL Injection via PostgreSQL Entity Query
Drupal core from 8.9.0 before 10.4.10, 10.5.0 before 10.5.10, 10.6.0 before 10.6.9, 11.0.0 before 11.1.10, 11.2.0 before 11.2.12, and 11.3.0 before 11.3.10 contains an SQL injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL...
Microsoft FrontPage Extensions - Information Disclosure
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /vtibin/ virtual directory. id: CVE-2000-0114 info: name: Microsoft FrontPage Extensions - Information Disclosure author: r3naissance,matejsmycka severity...
MiracleLinux 8 : cups-2.2.6-68.el8_10 (AXSA:2026-1240:09)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-1240:09 advisory. cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach lp code execution over the network CVE-2026-34980 Tenable has...
CVE-2026-49256
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, restricted tag and tag-group names attached to publicly readable categories as allowedtags, allowedtaggroups, or required tag groups could leak to anonymous and unauthorized users through categor...
AlmaLinux 8 : cups (ALSA-2026:36733)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:36733 advisory. cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach lp code execution over the network CVE-2026-34980 Tenable has extracted t...
RHEL 8 : cups (RHSA-2026:36733)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:36733 advisory. The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups:...
PT-2026-56997
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description Restricted tag and tag-group names attached to publicly readable categories as...
RockyLinux 8 : cups (RLSA-2026:36733)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:36733 advisory. cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach lp code execution over the network CVE-2026-34980 Tenable has extracted...
Moderate: Red Hat Security Advisory: cups security update
An update for cups is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
PYSEC-2026-1689 Nautobot may allows uploaded media files to be accessible without authentication
Impact Files uploaded by users to Nautobot's MEDIAROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by...
PYSEC-2026-2076 Access control vulnerable to user data deletion by anonynmous users
Impact Anonymous users can delete the user data maintained by an AccessControl.userfolder.UserFolder which may prevent any privileged access. Patches The problem is fixed in version 7.2. Workarounds The problem can be fixed by adding dataroles = to AccessControl.userfolder.UserFolder. References...
PYSEC-2026-1687 Unauthenticated views may expose information to anonymous users
Impact A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated anonymous users, including the following: - /api/graphql/ 1 - /api/users/users/session/ Nautobot 2.x only; the only information exposed to an anonymous user is which authentication backend classes...
PYSEC-2026-1494 Kinto Attachment's attachments can be replaced on read-only records
Impact The attachment file of an existing record can be replaced if the user has "read" permission on one of the parent collection or bucket. And if the "read" permission is given to "system.Everyone" on one of the parent, then the attachment can be replaced on a record using an anonymous request...
Linux Distros Unpatched Vulnerability : CVE-2025-71385
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG...
CVE-2025-71385
Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...
EUVD-2025-210409
Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...
CVE-2025-71385
Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...
PT-2026-55285
Name of the Vulnerable Software and Affected Versions Netdata versions prior to 2.3.1 Description Reflected cross-site scripting occurs when the application reflects the user-supplied love query parameter of the 'api/v2/ilove.svg' and 'api/v3/ilove.svg' endpoints verbatim into a generated SVG...
EUVD-2026-40442
Capgo before 12.128.2 lacks an UPDATE row-level security policy for the buildrequests table, preventing API-key and anonymous access from persisting builder status updates. Attackers can exploit this missing policy to cause build status and error details to remain unpersisted, leaving buildreques...