970 matches found
SEOPress < 7.9 - Authentication Bypass
The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site if a suitable chain is present. id:...
CVE-2026-63086
text-generation-inference through 3.3.7 contains a server-side request forgery SSRF vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network attackers to coerce the server into issuing arbitrary HTTP GET requests by supplying a crafted imageu...
CVE-2026-63306 stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints
stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and rea...
Alibaba Cloud Linux 3 : 0198: podman and buildah (ALINUX3-SA-2026:0198)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0198 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-25679: url.Parse insufficiently...
GHSA-9VCR-P3RJ-Q5Q6 vulnerabilities
Vulnerabilities for packages: crossplane-fips, kubescape, kubescape-server-fips, image-factory-fips, spire-server-fips, aactl, crossplane, falcoctl-fips, tkn, falcoctl, neuvector-sigstore-interface-fips, trivy-operator-fips, ratify, cloudbeat, trivy, policy-controller-fips, zarf-fips,...
CVE-2026-49834 vulnerabilities
Vulnerabilities for packages: crossplane-fips, kubescape, kubescape-server-fips, image-factory-fips, spire-server-fips, aactl, crossplane, falcoctl-fips, tkn, falcoctl, neuvector-sigstore-interface-fips, trivy-operator-fips, ratify, cloudbeat, trivy, policy-controller-fips, zarf-fips,...
Alibaba Cloud Linux 3 : 0187: podman (ALINUX3-SA-2026:0187)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0187 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-25679: url.Parse insufficiently...
crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application
A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...
GHSA-F5MR-Q85P-6HH6 vulnerabilities
Vulnerabilities for packages: witness, buildah, skopeo, kubescape, gitsign, zarf, tekton-chains, undock, kyverno-notation-aws, kyverno, falcoctl, kots, flux-source-controller, podman, aactl, ratify, slsa-verifier...
CVE-2026-49478 vulnerabilities
Vulnerabilities for packages: witness, buildah, skopeo, kubescape, gitsign, zarf, tekton-chains, undock, kyverno-notation-aws, kyverno, falcoctl, kots, flux-source-controller, podman, aactl, ratify, slsa-verifier...
EUVD-2026-40388
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...
Linux Distros Unpatched Vulnerability : CVE-2026-6091
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An...
CVE-2026-53404
Apache Tomcat vulnerability CVE-2026-53404 describes an Always-Incorrect Control Flow in the RewriteValve. If the first condition in an OR chain matches, subsequent non-OR conditions may be skipped, altering rule evaluation. Affected versions include Tomcat 11.0.0-M1–11.0.22, 10.1.0-M1–10.1.55, 9...
Linux Distros Unpatched Vulnerability : CVE-2026-53138
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amd/display: Bound VBIOS record-chain walk loops Why & How All record-chain walk loops in biosparser.c and biosparser2.c use for;; and only terminate on a...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: kubevela-fips, crossplane-provider-keycloak, crossplane-provider-aws-opensearch-fips, crossplane-provider-aws-vpc-fips, livekit-cli, sealed-secrets, nerdctl, crossplane-provider-aws-chime, crossplane-provider-azure-authorization, crossplane-provider-azure-search,...
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: kubevela-fips, crossplane-provider-keycloak, crossplane-provider-aws-opensearch-fips, crossplane-provider-aws-vpc-fips, livekit-cli, sealed-secrets, nerdctl, crossplane-provider-aws-chime, crossplane-provider-azure-authorization, crossplane-provider-azure-search,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: age, snyk-cli, kine, step-issuer, helm, falcoctl, crossplane-provider-azure-authorization, wal-g, gptscript, splunk-otel-collector, kubernetes, kubernetes-dashboard, cert-manager, kyverno, vault-benchmark, mattermost, caddy, flux-operator, go-discover, k8sgpt, melang...
RockyLinux 9 : buildah (RLSA-2026:29455)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:29455 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient...
UBUNTU-CVE-2026-6091
Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL...
OPENSUSE-SU-2026:21159-1 Security update for python-py7zr
This update for python-py7zr fixes the following issues: Changes in python-py7zr: - CVE-2026-23879: crafted malicious symbolic link chains in an archive can lead to an arbitrary file write bsc1268669 - CVE-2026-55195: unchecked extraction size can cause a denial of service bsc1268665 -...