Joomla! Component Address Book 1.5.0 - Local File Inclusion

A directory traversal vulnerability in the AddressBook comaddressbook component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1471 info: name: Joomla! Component Address Book 1.5.0 - Local File Inclusion...

waf-engine

WAF & SOAR Engine A cloud-native Web Application Firewall and...

W&B Weave Server - Remote Arbitrary File Leak

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin. id:...

epa4all-client 信任管理问题漏洞

epa4all-client is an open-source document writing client tool developed by Oviva AG. Versions of epa4all-client prior to version 1.2.2 contained a vulnerability related to trust management. This vulnerability allowed attackers to present arbitrary TLS certificates on the network path and intercep...

Ubuntu 20.04 LTS : Linux kernel (GCP) vulnerabilities (USN-8297-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8297-1 advisory. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission chec...

CVE-2026-9393 H3C Magic B0 aspForm Edit_BasicSSID_5G buffer overflow

A vulnerability was found in H3C Magic B0 up to 100R002. This affects the function EditBasicSSID5G of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used. The...

SUSE CVE-2023-53526

In the Linux kernel, the following vulnerability has been resolved: jbd2: check 'jh-btransaction' before removing it from checkpoint Following process will corrupt ext4 image: Step 1: jbd2journalcommittransaction jbd2journalinsertcheckpointjh, committransaction // Put jh into trans1-tcheckpointli...

GHSA-5HHF-XMFX-4VVR epa4all-client: TLS Certificate Validation Disabled in Production

Impact An attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient identifiers KVNR, SMC-B card operations authentication, signing, document content, and credential...

EUVD-2026-30106

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

EUVD-2026-30013

In the Linux kernel, the following vulnerability has been resolved: drm/i915/vrr: Configure VRR timings after enabling TRANSDDIFUNCCTL Apparently ICL may hang with an MCE if we write TRANSVRRVMAX/FLIPLINE before enabling TRANSDDIFUNCCTL. Personally I was only able to reproduce a hang on an Dell X...

EUVD-2026-29932

Successfully using libcurl to do a transfer over a specific HTTP proxy proxyA with Digest authentication and then changing the proxy host to a second one proxyB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Proxy-Authorization: header field meant for proxyA, to...

CVE-2026-0259

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

CVE-2026-0259 WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete Vulnerability in WildFire Appliance (WF-500, WF-500-B)

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

CVE-2026-0259

CVE-2026-0259 affects Palo Alto Networks WildFire Appliance WF-500 and WF-500-B operating in the default non-FIPS configuration. It enables an arbitrary File Read and Delete vulnerability over the network, allowing access to sensitive information and deletion of arbitrary files. Impact is describ...

CVE-2026-7168

Successfully using libcurl to do a transfer over a specific HTTP proxy proxyA with Digest authentication and then changing the proxy host to a second one proxyB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Proxy-Authorization: header field meant for proxyA, to...

ELECOM多款产品 安全漏洞

ELECOM WRC-BE72XSD-B is a wireless router produced by the ELECOM company. Several ELECOM products have security vulnerabilities. This vulnerability stems from the ability to access specific URLs without authentication, which may allow devices to be operated without proper authorization. The...

Palo Alto Networks WildFire 安全漏洞

Palo Alto Networks WildFire is a cloud-based malware analysis and threat intelligence platform provided by Palo Alto Networks. There is a security vulnerability in Palo Alto Networks WildFire, which stems from arbitrary file reading and deletion capabilities. This vulnerability may allow users to...

CVE-2026-43912

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groupsusers.usersorganizationsuuid entry belongs to the same organization as groups.groupsuuid, or a collectionsgroups.collectionsuuid entry belongs to the same organization as...

CVE-2026-43912

Vaultwarden (Rust) is affected prior to version 1.35.5 by a cross-organization group binding flaw. The vulnerability arises because groups_users.users_organizations_uuid and collections_groups.collections_uuid can be linked to mismatched organizations, and multiple organization group-management e...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fix potential null-ptr-deref in nilfsbtreeinsert The patch series “nilfs2: Fix potential issues with empty b-tree nodes” addresses three potential issues with empty b-tree nodes that can occur with corrupted filesystem...