2112 matches found
PT-2026-26081
MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality csettings.cfc createBundle method that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerabili...
CVE-2025-55043
MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality csettings.cfc createBundle method that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerabili...
CLSA-2026-1773684237 Update of alt-php
Update ca-certificates database to 20260305: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.84. - The following certificates were added: Certificate "TrustAsia TLS ECC Root CA" Certificate "TrustAsia TLS RSA Root CA" Certificate "SwissSign RSA TLS Roo...
Fedora 44 : yarnpkg (2026-db0c5d039c)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-db0c5d039c advisory. Update vendor bundle. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
How to Manually Update GPG key on Veeam Appliances
Article Applicability This article is specifically regarding the Veeam Appliances used in conjunction with Veeam Backup & Replication 13. Including the Veeam Software Appliance, Veeam Infrastructure Appliance, and Veeam Hardened Repository deployed from the Veeam Infrastructure Appliance. For...
CLSA-2026-1773341470 Update of alt-php
Update ca-certificates database to 20260305: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.84. - The following certificates were added: Certificate "TrustAsia TLS ECC Root CA" Certificate "TrustAsia TLS RSA Root CA" Certificate "SwissSign RSA TLS Roo...
EUVD-2026-10933
sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest...
Unchecked Return Value
Overview Affected versions of this package are vulnerable to Unchecked Return Value due to improper handling of the return value from the verifyintoto function. An attacker can cause the verification process to incorrectly indicate success for DSSE bundles with mismatched in-toto subject digests ...
CVE-2026-31830 sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest
sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifierverify does not propagate the VerificationFailure returned by verifyintoto when the artifact digest does not match the digest in the in-toto attestation...
CVE-2026-29779
UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers. Prior to commit 377a596, configuration file uptime.config.ts exports both pageConfig safe for client use and workerConfig server-only, contains sensitive data from the same module. Due to...
CVE-2026-29779
UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers. Prior to commit 377a596, configuration file uptime.config.ts exports both pageConfig safe for client use and workerConfig server-only, contains sensitive data from the same module. Due to...
CVE-2026-29779 UptimeFlare: Montior config / Credentials in `workerConfig` exposed in client-side JavaScript bundle
UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers. Prior to commit 377a596, configuration file uptime.config.ts exports both pageConfig safe for client use and workerConfig server-only, contains sensitive data from the same module. Due to...
CVE-2026-29779 UptimeFlare: Montior config / Credentials in `workerConfig` exposed in client-side JavaScript bundle
UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers. Prior to commit 377a596, configuration file uptime.config.ts exports both pageConfig safe for client use and workerConfig server-only, contains sensitive data from the same module. Due to...
EUVD-2026-10152
UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers. Prior to commit 377a596, configuration file uptime.config.ts exports both pageConfig safe for client use and workerConfig server-only, contains sensitive data from the same module. Due to...
CVE-2026-29779
UptimeFlare (serverless uptime monitoring using Cloudflare Workers) had server-only configuration, workerConfig, exported from the same module as safe client data. Prior to commit 377a596, pages/incidents.tsx imported workerConfig into a client-side component, causing the entire workerConfig obje...
CVE-2026-29779 UptimeFlare: Montior config / Credentials in `workerConfig` exposed in client-side JavaScript bundle
UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers. Prior to commit 377a596, configuration file uptime.config.ts exports both pageConfig safe for client use and workerConfig server-only, contains sensitive data from the same module. Due to...
Unsafe cloudpickle deserialization in Prefect task runners and bundle deserialization
This report is not public...
PT-2026-23863
Name of the Vulnerable Software and Affected Versions UptimeFlare versions prior to commit 377a596 Description UptimeFlare, a serverless uptime monitoring and status page solution powered by Cloudflare Workers, had a configuration issue. The uptime.config.ts file exported both pageConfig intended...
Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2026-1450)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1450 advisory. MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service CVE-2025-11626 Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial...
CLSA-2026-1772642715 Update of alt-php
Update ca-certificates database to 20260129: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.82. - The following certificates were updated: Certificate "GlobalSign Root CA" Certificate "Entrust.net Premium 2048 Secure Server CA" Certificate "Comodo AAA...