71101 matches found
Fedora 43 : python-django5 (2026-f140cb16b6)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f140cb16b6 advisory. Fixes five low-severity CVEs - CVE-2026-6873: Signed cookie salt namespace collision - CVE-2026-7666: Potential unencrypted email transmission via...
PT-2026-49146
Name of the Vulnerable Software and Affected Versions Moovit Bus & Public Transit App version 1.18 Description A flaw in the com.tranzmate component of the Android application allows for improper authorization within the handler for custom URL schemes. This issue requires local execution to...
SUSE SLES12 Security Update : google-osconfig-agent (SUSE-SU-2026:2347-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2347-1 advisory. This update for google-osconfig-agent fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improp...
CVE-2026-1291
The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/saveshortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with...
BIT-GITLAB-2026-6269 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to modify hidden merge requests due to incorrect...
BIT-GITLAB-2026-3553 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to access confidential issue details due to incorrect authorization checks...
CVE-2026-1291 Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation
The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/saveshortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with...
CVE-2026-2470
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayersavecontent AJAX handler allowing users with basic post-edit capability to persist...
CVE-2026-2470 Pagelayer <= 2.0.9 - Incorrect Authorization to Authenticated (Contributor+) Mail Relay Configuration via 'contacts'
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayersavecontent AJAX handler allowing users with basic post-edit capability to persist...
CVE-2026-2470 Pagelayer <= 2.0.9 - Incorrect Authorization to Authenticated (Contributor+) Mail Relay Configuration via 'contacts'
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayersavecontent AJAX handler allowing users with basic post-edit capability to persist...
EUVD-2026-36647
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayersavecontent AJAX handler allowing users with basic post-edit capability to persist...
CVE-2026-2470
The CVE concerns the WordPress Page Builder: Pagelayer plugin (
EUVD-2026-36603
An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...
EUVD-2026-36621
OpenClaw before 2026.4.29 contains an authorization bypass vulnerability in the QQBot streaming command that allows authenticated senders to mutate configuration without explicit allowFrom restrictions. Attackers can modify QQBot streaming configuration outside intended admin policy by reaching t...
EUVD-2026-36622
OpenClaw before 2026.4.27 contains an authorization bypass vulnerability in QQBot pre-dispatch slash commands that allows authenticated senders to skip allowFrom policy checks. Attackers can invoke slash commands before configured access control policies are applied, potentially triggering comman...
EUVD-2026-36616
OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in native command handling that allows authenticated senders to execute owner-only commands without proper policy enforcement. Attackers can trigger native command handling to bypass the configured owner-command access contro...
PT-2026-49084
Name of the Vulnerable Software and Affected Versions Page Builder: Pagelayer versions prior to 2.1.0 Description Incorrect Authorization exists in the Page Builder: Pagelayer plugin. The pagelayer save content AJAX handler allows users with basic post-edit capabilities to persist pagelayer conta...
kiro-cybersecurity-skills
CyberSecurity Skills A collection of 15 security workflows co...
Updated cups packages fix security vulnerabilities
CVE-2026-27447, Authorization bypass via case-insensitive group-member lookup. CVE-2026-39314, Integer underflow in ppdCreateFromIPP causes root cupsd crash via negative job-password-supported CVE-2026-39316, Use-after-free in cupsdDeleteTemporaryPrinters via dangling subscription pointer...
MGASA-2026-0201 Updated cups packages fix security vulnerabilities
CVE-2026-27447, Authorization bypass via case-insensitive group-member lookup. CVE-2026-39314, Integer underflow in ppdCreateFromIPP causes root cupsd crash via negative job-password-supported CVE-2026-39316, Use-after-free in cupsdDeleteTemporaryPrinters via dangling subscription pointer...