Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the CLI login command when the -skip-verify flag is used without the --cacert flag. An attacker can intercept sensitive information or perform man-in-the-middle attacks by exploiting the lack of proper...

SUSE-SU-2026:0631-1 Security update 5.1.2 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Backported security patches for Salt vendored tornado: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header...

Directory Traversal

Overview rollup is a Next-generation ES module bundler Affected versions of this package are vulnerable to Directory Traversal in the Bundle class in bundle.ts, which handles file name sanitization in the core engine. An attacker can overwrite arbitrary files on the host filesystem outside the...

Directory Traversal

Overview org.webjars.npm:rollup is a Next-generation ES module bundler Affected versions of this package are vulnerable to Directory Traversal in the Bundle class in bundle.ts, which handles file name sanitization in the core engine. An attacker can overwrite arbitrary files on the host filesyste...

Debian dla-4485 : ca-certificates - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4485 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4485-1 [email protected] https://www.debian.org/lts/security/...

[SECURITY] [DLA 4485-1] ca-certificates CA certificates update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4485-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès February 20, 2026 https://wiki.debian.org/LTS -...

agentiq-semantic-kernel (>=1.0.0 <=1.1.0a20250428), agixt (>=1.1.76b0 <=1.3.71) +9 more potentially affected by CVE-2026-26030 via semantic-kernel (>=0.2.9.dev0 <=1.35.3)

semantic-kernel PYPI version =0.2.9.dev0, =1.0.0, =1.1.76b0, =1.1.0, =0.1.1, =0.1.0, =0.3.0, =1.2.0, =0.2.0, =0.0.1, =1.0.0, =1.0.9 Source cves: CVE-2026-26030 Source advisory: OSV:PYSEC-2026-163...

CVE-2026-2127

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteoriginwidgetpreviewwidgetaction function which is registered via the...

CVE-2026-27176

creationtimestamp| type| source ---|---|--- 2026-02-19 10:22:00+00:00| seen| https://vulnerability.circl.lu/bundle/42521e67-5c8d-4b16-a114-e0db686c91a7 2026-05-04 09:16:43+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-27176.yaml...

Medium: runfinch-finch

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

CVE-2026-22803

creationtimestamp| type| source ---|---|--- 2026-02-18 14:20:55+00:00| seen| https://vulnerability.circl.lu/bundle/2b58b75c-ed2f-43e6-9955-22f649ee1814...

CLSA-2026-1771412755 Update of alt-php

Update ca-certificates database to 20260210: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.82. - The following certificates were updated: Certificate "Entrust Root Certification Authority" Certificate "ePKI Root Certification Authority" Certificate...

CLSA-2026-1771412648 Update of alt-php

Update ca-certificates database to 20260210: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.82. - The following certificates were updated: Certificate "ePKI Root Certification Authority" - The following certificates were added: Certificate "TrustAsia...

CVE-2026-2127

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteoriginwidgetpreviewwidgetaction function which is registered via the...

CVE-2026-2127

CVE-2026-2127 describes an authenticated arbitrary shortcode execution flaw in the WordPress plugin SiteOrigin Widgets Bundle (versions

CVE-2026-2127 SiteOrigin Widgets Bundle <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteoriginwidgetpreviewwidgetaction function which is registered via the...

CVE-2026-2127 SiteOrigin Widgets Bundle <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteoriginwidgetpreviewwidgetaction function which is registered via the...

WordPress SiteOrigin Widgets Bundle plugin <= 1.70.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by bashu - KCSC in WordPress Plugin SiteOrigin Widgets Bundle versions = 1.70.4...

WordPress plugin SiteOrigin Widgets Bundle 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-20365

The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to unauthorized arbitrary shortcode execution in all versions up to, and including, 1.70.4. This is due to a missing capability check on the siteorigin widget preview widget action function which is registered via the wp ajax so...