CVE-2026-55686

Summary of CVE-2026-55686 (Podman: WORKDIR symlink traversal) Affects Podman versions 3.0.0 through 5.7.0 where a container image run with a crafted WORKDIR path that contains a symlink can cause a host filesystem change: create a directory or modify ownership. Ownership modification is less like...

Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated settings import/export

includes/options.php in the motors-car-dealership-classified-listings aka Motors - Car Dealer & Classified Ads plugin through 1.4.0 for WordPress allows unauthenticated options changes. id: CVE-2019-17228 info: name: Motors Car Dealer & Classified Ads = 1.4.0 - Unauthenticated settings...

WordPress OneTone theme <= 3.0.6 – Unauthenticated Options Changes

includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes. id: CVE-2019-17230 info: name: WordPress OneTone theme = 3.0.6 – Unauthenticated Options Changes author: daffainfo severity: medium description: | includes/theme-functions.php in...

CVE-2026-43920 FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...

CVE-2026-43920

CVE-2026-43920 affects FOSSBilling versions 0.5.4–0.7.2 where the unauthenticated /run-patcher endpoint allowed privileged maintenance operations (config migrations, DB schema changes including ALTER/DROP/UPDATE, filesystem deletions/renames, and cache clearing) to be executed without admin auth,...

CVE-2026-13201

A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...

CVE-2026-57283

A flaw was found in Jenkins Pipeline: Groovy Plugin. This cross-site request forgery CSRF vulnerability allows attackers to instantiate types related to job or system configuration. This could enable unauthorized modifications to the Jenkins environment...

CVE-2026-13201 Kubevirt: virt-handler-rhel9: kubevirt: safepath symlink following in virt-handler enables notify socket hijacking and node-level vm disruption

A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...

CVE-2026-13201

A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses OPATH|ONOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve the path via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel...

CVE-2026-1840

The CVE concerns Hubbell Aclara Metrum Cellular Web Interface, where unauthorized access arises from missing authentication on critical system functions. This allows attackers to alter essential configuration settings, trigger system restarts, and potentially disrupt device communications. CISA a...

EUVD-2026-39058

The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes essential configuration settings, allowing attackers to alter operational parameters and trigger system restarts without...

CVE-2026-1840 Missing authentication for critical function in Hubbell Aclara Metrum Cellular Web Interface

The Aclara Metrum Cellular Web Interface is vulnerable to unauthorized access due to the absence of authentication controls on critical system functions. This weakness exposes essential configuration settings, allowing attackers to alter operational parameters and trigger system restarts without...

CVE-2026-8905

The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

CVE-2026-6292

The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to and including 1.0. This is due to a completely broken nonce validation in the entermpclploginoptions function, which contains an inverted check if wpverifynonce... return false;...

EUVD-2026-38636

Fortra File Integrity Monitoring FIM, formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission...

CVE-2026-12164

Fortra File Integrity Monitoring FIM, formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission...

CVE-2026-12164 Privilege Escalation in Fortra File Integrity Monitoring (FIM)

Fortra File Integrity Monitoring FIM, formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission...

CVE-2026-53926 NocoDB: OAuth Tokens Persist Through Security Events

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, revokeAllOAuthTokensByUser in the users service is an empty stub being called from passwordChange, passwordForgot, and passwordReset. OAuth access and refresh tokens were not revoked when the user changed, reset, or...

GHSA-268J-37XF-PP52 Gogs's write-level collaborators can mutate admin-only repository settings via API

Summary Three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent operations in the web UI sit behind reqRepoAdmin, which requir...

Ubiquiti UniFi OS Improper Access Control Vulnerability

Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system...