33868 matches found
CVE-2026-41704 - Compromised VM can make arbitrary blobstore deletes | Cloud Foundry
MEDIUM CVSS 4.0 Score: 6.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:H CVSS 3.1 Score: 5.0 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N Vendor Cloud Foundry Foundation Versions Affected Severity is MEDIUM unless otherwise noted. BOSH Director – All versions prior to v282.1.12...
CVE-2026-24527
The CVE-2026-24527 entry covers a Missing Authorization (Broken Access Control) vulnerability in WordPress Autoship Cloud for WooCommerce Subscription Products, affecting versions up to 2.14.0. Root cause is misconfigured access control security levels, enabling potential unauthorized access. CVS...
CVE-2026-24527 WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.14.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.14.0...
CVE-2026-24527 WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.14.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.14.0...
EUVD-2026-31758
Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.14.0...
CVE-2026-24527
Missing Authorization vulnerability in Patterns in the cloud Autoship Cloud for WooCommerce Subscription Products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through 2.14.0...
WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.14.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Autoship Cloud for WooCommerce Subscription Products versions = 2.14.3...
CVE-2026-9498
A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...
CVE-2026-9498
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-9498
A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...
CVE-2026-9498 Dromara lamp-cloud Message Template GroovyClassLoader.parseClass special elements used in a template engine
A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...
CVE-2026-9498 Dromara lamp-cloud Message Template GroovyClassLoader.parseClass special elements used in a template engine
A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...
EUVD-2026-31733
A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...
CVE-2026-9464
A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit h...
CVE-2026-47076
Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the host, so ...
Malicious code in tempo-modules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ad4276e2eafbe6d7040f94ac546ec20e7ac211e1e5906964c25f581a519d183 [email protected] is a dependency-confusion attack package. The package.json preinstall hook executes poc.js, which on every npm install harvests...
MAL-2026-4687 Malicious code in tempo-modules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ad4276e2eafbe6d7040f94ac546ec20e7ac211e1e5906964c25f581a519d183 [email protected] is a dependency-confusion attack package. The package.json preinstall hook executes poc.js, which on every npm install harvests...
MAL-2026-4641 Malicious code in platform-tempo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d1c69e098c3ebeb2876b746523bea0220034b429f58e0a55683f0ee2c8776cd [email protected] declares a preinstall hook that runs poc.js on every npm install. The script collects host identity os.hostname, whoami /all /...
CVE-2026-9464
A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit h...
EUVD-2026-31684
A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit h...