CVE-2026-32588 Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue...

CVE-2026-32588 Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue...

Apache Cassandra 安全漏洞

Apache Cassandra is a distributed NoSQL database developed by the Apache Foundation in the United States. There are security vulnerabilities in Apache Cassandra versions 4.0, 4.1, and 5.0. These vulnerabilities allow authenticated users to increase query latency by repeatedly changing passwords,...

PT-2026-30916

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue...

RedwoodSDK 跨站请求伪造漏洞

RedwoodSDK is an open-source React-based server-first web application framework developed by RedwoodJS. Versions of RedwoodSDK from 1.0.0-beta.50 to 1.0.5 contain a cross-site request forgeing vulnerability. This vulnerability arises because server functions can be called via GET requests,...

SandboxJS 安全漏洞

SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.36 contained security vulnerabilities; these vulnerabilities stemmed from the ability to bypass global object protection through constructor paths, potentially allowing modification of host global obje...

PT-2026-30379

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/user manipulate and admin/settings/generall endpoints to...

CVE-2026-34762

Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/imsi API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's polic...

CVE-2026-33951

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers to modify navigation data source priorities. This endpoint, accessible via PUT...

CVE-2026-2699

Customer Managed ShareFile Storage Zones Controller SZC allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...

JLSEC-2026-41

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...

JLSEC-2026-47

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

Use After Free

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free in the powerMonitor function. An attacker can cause memory corruption or application crashes by triggering...

Linux Distros Unpatched Vulnerability : CVE-2026-20915

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stored cross-site scripting XSS in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject...

EUVD-2024-55533

Hirschmann HiEOS devices contain an authentication bypass vulnerability in the HTTPS management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTPS requests. Attackers can exploit improper authentication handling to obtain elevated...

CVE-2026-34762

Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/imsi API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's polic...

CVE-2026-34828

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, a session management vulnerability allows previously issued authenticated sessions to remain valid after sensitive account security changes, specifically password reset and...

CVE-2026-2699

Customer Managed ShareFile Storage Zones Controller SZC allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...

CVE-2026-2699

CVE-2026-2699 affects Progress ShareFile Storage Zones Controller (SZC). An unauthenticated attacker can bypass authentication to access restricted configuration pages (notably via the Admin.aspx path), enabling changes to system configuration and potentially enabling remote code execution. The i...

CVE-2026-2699 EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)

Customer Managed ShareFile Storage Zones Controller SZC allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution...