12151 matches found
CVE-2026-48892
CVE-2026-48892 : Apache Airflow's Config API leaks per-key secrets-backend overrides via environment variables (e.g., AIRFLOW__SECRETS__BACKEND_KWARG__SECRET_ID, AIRFLOW__WORKERS__SECRETS_BACKEND_KWARG__SECRET_ID) that are not in sensitive_config_values, allowing an authenticated UI/API user with...
CVE-2026-58315
Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...
CVE-2026-58315
Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...
CVE-2026-58315
Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...
CVE-2026-58315
CVE-2026-58315 describes a Cross-site request forgery in SEIKO EPSON Web Config. The vulnerability could allow unintended operations when a logged-in user visits a malicious page, as reported by both the NVD entry and CVE records. Connected sources confirm the product area (SEIKO EPSON Web Config...
EUVD-2026-42007
Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...
PT-2026-56190
A stored XPATH injection vulnerability exists in opnsense's trust module. Any user if given just System: CA Manager permissions can use a bool side channel/oracle to slowly leak any secret in config.xml character by character. the injection point is in the refid field of a ca object. Write-up for...
Linux Distros Unpatched Vulnerability : CVE-2026-14476
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path traversal flaw was found in SSSD's AD GPO provider. The adgpoextractsmbcomponents function does not sanitize .. sequences in the gPCFileSysPath LDAP...
PT-2026-56268
Name of the Vulnerable Software and Affected Versions mem0 affected versions not specified Description Unauthenticated config API endpoints expose LLM API keys in plaintext and enable server-side request forgery SSRF, a technique where an attacker induces the server to make requests to an...
CVE-2026-43921 FOSSBilling vulnerable to arbitrary PHP code injection via unescaped config serialization
FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's Config::prettyPrintArrayToPHP method. When configuration values are updated, string values are written into config.php without escaping...
CVE-2026-43921
FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's Config::prettyPrintArrayToPHP method. When configuration values are updated, string values are written into config.php without escaping...
Coder vulnerable to SSH config injection via unsanitized server-supplied values in `coder config-ssh`
Summary coder config-ssh wrote server-supplied SSH settings HostnameSuffix, SSHConfigOptions into the user's /.ssh/config without sanitizing embedded newlines or restricting directives so a malicious or compromised Coder server could inject arbitrary SSH configuration. Note: Practical exploitatio...
CVE-2026-57572 Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args
Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together...
CVE-2026-57572
Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together...
EUVD-2026-41919
The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...
CVE-2026-11405 Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface
The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...
CVE-2026-59195
pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under nodemodules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml who...
CVE-2026-40138
CVE-2026-40138 is a critical pre-authentication vulnerability in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. The underlying issue is improper validation of authentication data, which could let a network-positioned attacker bypass access controls and ga...
CVE-2026-59195 pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config
pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under nodemodules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml who...
CVE-2026-59195
pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under nodemodules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml who...