
119950 matches found

Packet Storm News
added 2026/12/29 12:0 a.m., 236 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

AI score: 6.8
Exploits: 0
CVE
added 3 hours ago, 7 views

CVE-2026-1606

CVE-2026-1606 affects GitLab CE/EE (versions from 14.8 before 18.11.6, from 19.0 before 19.0.3, and from 19.1 before 19.1.1). The issue stems from improper input validation and could allow an authenticated user to conceal content within a Snippet. The CVSSv3.1 vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N ...

CVSS: 4.3, AI score: 5.9
Exploits: 0, References: 3
CVE
added 3 hours ago, 10 views

CVE-2026-3176

GitLab EE contained a vulnerability CVE-2026-3176 where an authenticated user with limited permissions could access project information due to insufficient authorization checks. Affected releases: GitLab EE 18.6 up to but not including 18.11.6; 19.0 up to but not including 19.0.3; 19.1 up to but ...

CVSS: 3.1, AI score: 5.9
Exploits: 0, References: 3
CVE
added 3 hours ago, 7 views

CVE-2026-5309

GitLab EE fixed an authorization bypass (CVE-2026-5309) affecting all GitLab EE versions 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1. Under certain conditions, an authenticated user could read or modify another group’s virtual registry cleanup policy settings without author...

CVSS: 5.4, AI score: 5.9
Exploits: 0, References: 3
CVE
added 3 hours ago, 4 views

CVE-2026-2508

CVE-2026-2508 affects the Gravity Forms Booking plugin for WordPress, all versions up to and including 2.7.1. The vulnerability is a time-based SQL Injection via the 'staff_id' parameter caused by insufficient escaping and lack of proper query preparation. Authenticated attackers with Subscriber-...

CVSS: 6.5, AI score: 6
Exploits: 0, References: 3
CVE
added 3 hours ago, 5 views

CVE-2026-12079

The CVE-2026-12079 entry concerns the Dokan Pro WordPress plugin. A time‑based SQL Injection exists via the 'orderby' parameter in all versions up to 5.0.4, caused by insufficient escaping of the user‑supplied value and inadequate SQL query preparation. Authenticated users with Subscriber‑level a...

CVSS: 6.5, AI score: 6
Exploits: 0, References: 2
CVE
added 5 hours ago, 6 views

CVE-2026-8658

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction...

CVSS: 6, AI score: 6.2
Exploits: 0, References: 1
EUVD
added 5 hours ago, 4 views

EUVD-2026-39163

OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient input sanitization in shell command construction...

CVSS: 6, AI score: 6.2
Exploits: 0, References: 1
CVE
added 5 hours ago, 4 views

CVE-2026-8662

Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...

CVSS: 3.3, AI score: 5.9
Exploits: 0, References: 1
EUVD
added 5 hours ago, 3 views

EUVD-2026-39162

Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...

CVSS: 3.3, AI score: 5.9
Exploits: 0, References: 1
CVE
added 6 hours ago, 5 views

CVE-2026-8664

OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction...

CVSS: 6, AI score: 6.2
Exploits: 0, References: 1
EUVD
added 7 hours ago, 3 views

EUVD-2026-39113

ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadSSL...

CVSS: 5.5, AI score: 6.4
Exploits: 0, References: 3
EUVD
added 7 hours ago, 2 views

EUVD-2026-39112

ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVSS: 5.5, AI score: 6.4
Exploits: 0, References: 3
EUVD
added 7 hours ago, 4 views

EUVD-2026-39109

Unraid Web Server ToggleState Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within ToggleState.php...

CVSS: 8.8, AI score: 7.8
Exploits: 0, References: 2
EUVD
added 7 hours ago, 3 views

EUVD-2026-39155

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation...

CVSS: 6.5, AI score: 6
Exploits: 0, References: 1
EUVD
added 7 hours ago, 3 views

EUVD-2026-39154

Arbitrary File Write vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to write attacker-controlled content to arbitrary file paths via the expression parameter...

CVSS: 7.1, AI score: 6
Exploits: 0, References: 1
CVE
added 7 hours ago, 9 views

CVE-2026-8659

CVE-2026-8659 describes an OS command injection in Rapid7 InsightConnect SQLmap Plugin on Linux. An authenticated attacker can execute arbitrary OS commands via api_host or api_port during connection configuration due to insufficient input validation. CVSSv3.1 base score 6.0 (MEDIUM); attack vect...

CVSS: 6, AI score: 6.2
Exploits: 0, References: 1
CVE
added yesterday, 6 views

CVE-2026-9778

CVE-2026-9778 affects ATEN Unizon via the ImportDeviceList directory traversal path validation flaw, enabling remote code execution. The issue allows code execution in the SYSTEM context and requires authentication to exploit. The CVSSv3.0 base score is 7.2 (HIGH) with network access, low attack ...

CVSS: 7.2, AI score: 7.6
Exploits: 0, References: 2
CVE
added yesterday, 5 views

CVE-2026-9773

CVE-2026-9773 affects Unraid Web Server, specifically ToggleState.php, where unsafely used user-supplied input in a system call enables remote code execution. The vulnerability allows an attacker with authentication to execute arbitrary code with the www-data user context. The CVSS v3.0 base scor...

CVSS: 8.8, AI score: 7.8
Exploits: 0, References: 1
CVE
added yesterday, 3 views

CVE-2026-55762

Rocket.Chat CVE-2026-55762 concerns an unauthenticated mis-authorization on POST /api/v1/fingerprint. Prior to fixed versions, authenticated users could call the endpoint with {"setDeploymentAs": "new-workspace"} to permanently deregister the workspace from Rocket.Chat Cloud, wiping cloud credent...

CVSS: 8.1, AI score: 5.9
Exploits: 0, References: 1