20368 matches found
CVE-2026-39587
CVE-2026-39587 affects WordPress WP BASE Booking plugin versions
gstreamer-plugins-base and gstreamer-plugins-good security update
gstreamer-plugins-base 0.10.36-10.0.1 - Security update CVE-2026-2921 Orabug: 39201593 gstreamer-plugins-good 0.10.31-13.0.1 - Security update for CVE-2026-3083 CVE-2026-3085 Orabug: 39199326...
PT-2026-49271
A heap use-after-free in the gf node get tag function scenegraph/base scenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
PT-2026-49403
Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...
Debian dla-4628 : linux-base - security update
The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dla-4628 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4628-1 [email protected] https://www.debian.org/lts/security/ B...
valkey security update
An update is available for valkey. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Valkey is an advanced key-value store. It is often referred to as a data...
CVE-2026-54394
MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended APP/files/img/orgs/...
CVE-2026-54394 MISP organisation logo path traversal allows retrieval of arbitrary PNG/SVG files
MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended APP/files/img/orgs/...
CVE-2026-54394 MISP organisation logo path traversal allows retrieval of arbitrary PNG/SVG files
MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended APP/files/img/orgs/...
EUVD-2026-36563
MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended APP/files/img/orgs/...
GHSA-J9GF-VW2F-9HRW Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation
Summary A configuration-dependent origin validation bypass was identified in Appsmith’s password reset and email verification flows on current release. Both flows derive the email-link base URL from the request Origin header. The current validation only enforces a trusted base URL when...
Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation
Summary A configuration-dependent origin validation bypass was identified in Appsmith’s password reset and email verification flows on current release. Both flows derive the email-link base URL from the request Origin header. The current validation only enforces a trusted base URL when...
Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL
Summary Budibase stores external REST datasource credentials server-side and documents that database credentials are applied server-side and are not exposed in the UI. The REST datasource implementation redacts stored Basic/Bearer/OAuth2 auth secrets before returning datasource data to clients...
GHSA-X4R9-GMW3-HXWW GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution
Summary A GeoServer that uses ENTITYRESOLUTIONALLOWLIST may allow attacker to perform unauthenticated Server-Side Request Forgery SSRF. Details This vulnerability requires that GeoServer is set up to use a proxy base URL and the ENTITYRESOLUTIONALLOWLIST default since 2.25.0: Impact This...
GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution
Summary A GeoServer that uses ENTITYRESOLUTIONALLOWLIST may allow attacker to perform unauthenticated Server-Side Request Forgery SSRF. Details This vulnerability requires that GeoServer is set up to use a proxy base URL and the ENTITYRESOLUTIONALLOWLIST default since 2.25.0: Impact This...
CVE-2026-47209 vm2: Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js line 1231 ignores the receiver parameter and unconditionally writes to the host target object. Per the Proxy set trap specification, when receiver !== proxy e.g., when a child object...
[SECURITY] [DLA 4628-1] linux-base update
Debian LTS Advisory DLA-4628-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings June 12, 2026 https://wiki.debian.org/LTS Package : linux-base Version : 4.12.1deb12u1 The linux-base package has been updated to support installation of a backport of Linux 6.12. For...
PT-2026-49054
Summary A GeoServer that uses ENTITY RESOLUTION ALLOWLIST may allow attacker to perform unauthenticated Server-Side Request Forgery SSRF. Details This vulnerability requires that GeoServer is set up to use a proxy base URL and the ENTITY RESOLUTION ALLOWLIST default since 2.25.0: Impact This...
ROS-20260611-73-0003
The vulnerability of the RDP client FreeRDP is related to the escape of operations beyond the buffer in memory, due to incorrect encoding based on the Base64 standard. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
USN-8130-3 gst-plugins-base1.0 vulnerability
USN-8130-1 fixed a vulnerability in GStreamer Base Plugins. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: It was discovered that GStreamer Base Plugins incorrectly handled certain AVI media files. A remote attacker could use this issue to cause...