57420 matches found
CVE-2026-24742
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...
CVE-2026-24742 Discourse staff action logs expose sensitive information to moderators
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed information includes webhook payload URLs and...
CVE-2020-36968
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for al...
CVE-2020-36968
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for al...
EUVD-2020-30882
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for al...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Malicious Package
Overview api-cache-worker is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Operation on a Resource after Expiration or Release
Overview Affected versions of this package are vulnerable to Operation on a Resource after Expiration or Release in the macaroon validation for cross-model authorization. An attacker can maintain unauthorized access to resources by crafting and submitting an invalid macaroon that is incorrectly...
urllib3: urllib3 Streaming API improperly handles highly compressed data
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...
urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...
BurpSuitePro
Burp Suite Bambda Scripts - Vulnerability Testing Toolkit v2.0...
Malicious Package
Overview ern-picking2-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in ern-picking2-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cdd28d37200aac1cd5fc446acddca1c77227c48fbccf070f31a765422439184 The package ern-picking2-api was found to contain malicious code. Source: ghsa-malware 6d206018d9dd4cfb8e95bc0197ea0db4d442ee3b16f5209a2b452bc203dc8d...
MAL-2026-569 Malicious code in ern-picking2-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cdd28d37200aac1cd5fc446acddca1c77227c48fbccf070f31a765422439184 The package ern-picking2-api was found to contain malicious code. Source: ghsa-malware 6d206018d9dd4cfb8e95bc0197ea0db4d442ee3b16f5209a2b452bc203dc8d...
CVE-2026-0832 New User Approve <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary User Approval, Denial, and Information Disclosure
The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny use...
CVE-2026-24477
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticate...
SUSE CVE-2026-22987
In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: avoid dereferencing ERRPTR in tcfidrinfodestroy syzbot reported a crash in tcactinhw during netns teardown where tcfidrinfodestroy passed an ERRPTR-EBUSY value as a tcaction pointer, leading to an invalid...
Tildeslash M/Monit Security Vulnerability
Tildeslash M/Monit is a server monitoring and management tool developed by Tildeslash Inc. Version 3.7.4 of Tildeslash M/Monit contains a security vulnerability. This vulnerability stems from an authentication flaw in the management API endpoints, which could lead to the retrieval of user passwor...
PT-2026-5218
Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 0.301.0 Description An authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint. This causes all database write operations to fail...
PT-2026-5067
Name of the Vulnerable Software and Affected Versions New User Approve plugin for WordPress versions up to and including 3.2.2 Description The New User Approve plugin for WordPress is susceptible to unauthorized data access and modification. This is due to a missing capability check on multiple...