PT-2026-41798

Name of the Vulnerable Software and Affected Versions CloakBrowser versions prior to 0.3.28 Description The cloakserve CDP multiplexer uses the user-supplied fingerprint query parameter directly as a filesystem path component when creating Chrome profile directories. An unauthenticated attacker...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series as well as 10.11.13 and earlier 10.11.x series have security vulnerabilities. These vulnerabilities stem from the lack of mandatory...

Improper Authentication

Shopware is vulnerable to Improper Authentication. The vulnerability is due to insufficient validation and binding of shop installations to their original domains during app re-registration, which allows an attacker to hijack app communication and obtain API credentials intended for legitimate...

CVE-2026-45010

phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session binding or rate limiting. Unauthenticated attackers can brute-force any user's six-digit TOTP code by...

CVE-2026-0481

Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability...

EUVD-2026-30502

Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability...

CVE-2026-0481

Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability...

CVE-2026-0481

Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability...

CVE-2026-0481

Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability...

PT-2026-41357

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.2 Description An improper restriction of excessive authentication attempts exists in the "/admin/check" endpoint. This endpoint accepts arbitrary user-id parameters without session binding or rate limiting...

AMD Graphics Driver 安全漏洞

AMD Graphics Driver is an integrated graphics driver developed by American semiconductor company AMD. There is a security vulnerability in AMD Graphics Driver, which stems from the unlimited binding of IP addresses. This vulnerability could allow remote attackers to make unauthorized changes to G...

Open WebUI 授权问题漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI based on the Open WebUI open source project. Versions of Open WebUI prior to 0.9.0 had an authorization vulnerability. This vulnerability stemmed from the LDAP authentication endpoint failing to verify that the submitt...

EUVD-2026-30493

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the client-side and server-side GitHub OIDC flow is bound only to a global audience string, not to the specific registry instance being targeted. On the client side, the publisher...

CVE-2026-45028

Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypte...

minalic-exploit-2013

MinaliC Webserver version...

Linux Distros Unpatched Vulnerability : CVE-2026-8328

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ftpcp function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv was patched to replace server-supplied PASV host addresses with...

PT-2026-41183

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.11 Description An internal-only bypass filter parameter is exposed on the '/openai/chat/completions' and '/ollama/api/chat' HTTP endpoints due to FastAPI query string binding. This allows any authenticated user...

CVE-2026-45028 Astro: Server island encrypted parameters vulnerable to cross-component replay

Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypte...

Astro: Server island encrypted parameters vulnerable to cross-component replay

Impact Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypted props p value as...

PT-2026-40592

Impact Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypted props p value as...