CVE-2026-20042 Cisco Nexus Dashboard Configuration REST API Unauthorized Access Vulnerability

A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypt...

CVE-2026-5175

Improper access control in the multi-factor authentication MFA management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and reduce account protection to password-only authentication via crafted HTTP requests. This issue affects Server: from...

CVE-2026-4927

Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via an authenticated API request. This issue affects Server: from 2026.1.6 through 2026.1.11...

CVE-2026-5175

Improper access control in the multi-factor authentication MFA management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and reduce account protection to password-only authentication via crafted HTTP requests. This issue affects Server: from...

UBUNTU-CVE-2026-24096

Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 beta before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information...

CLEANSTART-2026-IS43446 Security fixes for ghsa-25qh-j22f-pwp8, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4g8c-wm8x-jfhw, ghsa-5jpm-x58v-624v, ghsa-72hv-8253-57qq, ghsa-84h7-rjj3-6jx4, ghsa-fghv-69vj-qj49, ghsa-jq43-27x9-3v86, ghsa-pwqr-wmgm-9rr8, ghsa-qqpg-mvqg-649v, ghsa-w9fj-cfpg-grvv, ghsa-xq3w-v528-46rv applied in versions: 0.1.109-r0, 0.1.109-r1, 0.1.111-r2

Multiple security vulnerabilities affect the management-api-for-apache-cassandra-5.0 package. These issues are resolved in later releases. See references for individual vulnerability details...

BIT-GRAFANA-2026-27880 OpenFeature evaluation API reads input data with no bounds

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...

CVE-2026-30878

baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in the Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data through a crafted HTML page. Chromium security severity: High...

PT-2026-29563

Name of the Vulnerable Software and Affected Versions Cisco Smart Software Manager On-Prem versions 9-202502 through 9-202510 Description A vulnerability in Cisco Smart Software Manager On-Prem SSM On-Prem allows an unauthenticated, remote attacker to execute arbitrary commands on the underlying...

PT-2026-29540

Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via an authenticated API request. This issue affects Server: from 2026.1.6 through 2026.1.11...

PT-2026-29562

Cisco Evolved Programmable Network Manager Improper Authorization Vulnerability CVE: CVE-2026-20155 PT ID: PT-2026-29562 Vendor: Cisco Product: Cisco Evolved Programmable Network Manager EPNM CVSS: 8.0 Credits: n/a Description: A vulnerability in the web-based management interface of Cisco Evolve...

PT-2026-29542

Improper access control in the multi-factor authentication MFA management API in Devolutions Server allows an authenticated attacker to delete their own configured MFA factors and reduce account protection to password-only authentication via crafted HTTP requests. This issue affects Server: from...

SiYuan: Unauthenticated Access to Password-Protected Bookmarks via /api/bookmark/getBookmark

Summary The publish service exposes bookmarked blocks from password-protected documents to unauthenticated visitors. In publish/read-only mode, /api/bookmark/getBookmark filters bookmark results by calling FilterBlocksByPublishAccessnil, .... Because the filter treats a nil context as authorized,...

SUSE CVE-2026-20643

A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously...

Nautobot: Management of users via REST API does not apply configured password validators

Impact In Nautobot versions prior to 2.4.30 or prior to 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTHPASSWORDVALIDATORS setting which defaults to an empty list, i.e., no specific rules, but can be configured in Nautobot's...

CVE-2026-32275

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 1.3.10 to before version 2.17.0, an unsanitized JSONP callback parameter allows cross-origin script injection and API key theft. This issue has been patched in version 2.17.0...

EUVD-2026-17267

baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API...

baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API

Summary A path traversal vulnerability exists in the baserCMS 5.x theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary...

GHSA-C5C6-37VQ-PJCQ baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API

Summary A path traversal vulnerability exists in the baserCMS 5.x theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary...