CVE-2026-39449

Unauthenticated Cross Site Scripting XSS in Contact Form to Any API = 3.0.3 versions...

@bicou/directus-extension-imagga (>=1.6.3 <=1.6.6), @deconz-community/directus-extension-ddf-store (=0.1.0) +7 more potentially affected by CVE-2026-26185 via @directus/api (>=10.0.0 <=32.1.1)

@directus/api NPM version =10.0.0, =1.6.3, =1.2.2, =10.0.0, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: CVE-2026-26185 Source advisory: OSV:GHSA-JR94-GJ3H-C8RF...

CVE-2026-0713

...

CVE-2026-0713

...

CVE-2026-0713

The Red Hat/CIRCL/EUVD/PTSecurity entries confirm a security issue in Grafana’s API at /apis/dashboard.grafana.app/* affecting all API versions (v0alpha1, v1alpha1, v2alpha1). Root cause: authenticated users can bypass dashboard and folder permissions, allowing Viewer role to access all dashboard...

CVE-2025-66573

Solstice Pod API version 5.5, 6.2 contains an unauthenticated API endpoint /api/config that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the policy evaluation process when egress.toGroups.aws.securityGroupsIds references AWS security group IDs that do not exist or are not attached to any network interface. An attacker can gain broader outbound...

@bicou/directus-extension-imagga (>=1.6.3 <=1.6.6), @deconz-community/directus-extension-ddf-store (=0.1.0) +7 more potentially affected by CVE-2025-64749 via @directus/api (>=10.0.0 <=31.0.0)

@directus/api NPM version =10.0.0, =1.6.3, =1.2.2, =10.0.0, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: CVE-2025-64749 Source advisory: OSV:GHSA-CPH6-524F-3HGR...

SUSE CVE-2025-40104

In the Linux kernel, the following vulnerability has been resolved: ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfolio could easily...

CVE-2025-40104 ixgbevf: fix mailbox API compatibility by negotiating supported features

In the Linux kernel, the following vulnerability has been resolved: ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfolio could easily...

EUVD-2025-20462

Malicious code in bioql PyPI...

CVE-2025-32918

Improper neutralization of Livestatus command delimiters in autocomplete endpoint within the RestAPI of Checkmk versions 2.4.0p6, 2.3.0p35, 2.2.0p44, and 2.1.0 EOL allows an authenticated user to inject arbitrary Livestatus commands...

GHSA-3PX7-C4J3-576R Grafana vulnerable to authenticated users bypassing dashboard, folder permissions

A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...

CVE-2025-3260

A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...

CVE-2024-10553

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...

@directus/api (>=16.0.0 <=19.2.0), directus (>=10.9.0 <=10.11.2) +3 more potentially affected by CVE-2024-39895 via @directus/env (>=1.0.0 <=1.1.5)

@directus/env NPM version =1.0.0, =16.0.0, =10.9.0, =1.2.0, =10.10.4, =18.2.1-q1, =19.0.3-quantum.2 Source cves: CVE-2024-39895 Source advisory: OSV:GHSA-7HMH-PFRP-VCX4...

PT-2024-25818 · Unknown · Spacemesh Api +1

Name of the Vulnerable Software and Affected Versions: go-spacemesh versions prior to 1.5.2-hotfix1 Spacemesh API versions prior to 1.37.1 Description: The issue allows nodes to publish activations transactions ATXs that reference an incorrect previous ATX of the Smesher that created the ATX. Thi...

Grafana Security Vulnerabilities

Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. Grafana has a security vulnerability that stems from the presence of a mismanagement of permissions...

CVE-2023-23298

The Toybox.Graphics.BufferedBitmap.initialize API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters...

biz.netcentric.cq.tools.accesscontroltool:accesscontroltool-bundle (>=3.6.0 <=4.2.1), biz.netcentric.cq.tools.accesscontroltool:maximum-environment (>=2.5.4 <=3.6.2) +440 more potentially affected by CVE-2022-32549 via org.apache.sling:org.apache.sling.api (>=2.0.2-incubator <=2.25.0)

org.apache.sling:org.apache.sling.api MAVEN version =2.0.2-incubator, =3.6.0, =2.5.4, =3.0.0, =4.2.0, =1.0.0, =1.0.0, =0.0.1, =0.1.0, =2012.12.01, =2012.12.01, =0.0.4, =4.0.4 - com.adobe.aem:aem-sdk-api =2020.6.3800.20200626T210738Z-200604 - com.adobe.commerce.cif:core-cif-components-it-http =1.2...