185 matches found
CVE-2026-15070
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...
CVE-2026-15070
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...
EUVD-2026-42784
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 10.30.32. This is due to missing or incorrect nonce validation on the setCustomText function. This makes it possible for unauthenticated attackers to inje...
CVE-2026-49099
Summary: CVE-2026-49099 affects the Apache Camel Salesforce component. Non-Camel header constants (e.g., sObjectQuery, apexUrl) bypass the HTTP header filter, allowing an unauthenticated HTTP client to influence internal behavior by setting operation parameters (SOQL/SOSL, SObject name/id, Apex U...
CVE-2026-48205
Summary: CVE-2026-48205 describes an SSRF vulnerability in the Apache Camel DNS component where DNS operation headers can be supplied via non-Camel header names (dns.server, dns.name, dns.domain, dns.type, dns.class, term) because the HTTP header filter is insufficient. This allows an unauthentic...
PYSEC-2026-337 Use of hard-coded, security-relevant constants in deepset-ai/haystack
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack in version 1.15.0 and prior. A patch is available at commit 5fc84904f198de661d5b933fde756aa922bf09f1...
BIT-MONGODB-2026-9747 Crafted cross-shard merge aggregation crashes MongoDB Server
Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...
EUVD-2026-35863
Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...
CVE-2026-9747 Crafted cross-shard merge aggregation crashes MongoDB Server
Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...
CVE-2026-9747
The vulnerability CVE-2026-9747 affects MongoDB Server’s cross-shard merge aggregation. When building aggregations, using fromRouter:true with runtimeConstants.userRoles may cause the server to crash. The connected documentation confirms the issue but provides no details on mitigations; exploitat...
CVE-2026-9747 Crafted cross-shard merge aggregation crashes MongoDB Server
Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which can cause server...
CVE-2025-11762
The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/admin/class-adminconstants.php file. This makes it possible for authenticated attackers, with...
EUVD-2026-32375
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop initconst from gates Since commit 8ceff24a754a "clk: mediatek: clk-gate: Refactor mtkclkregistergate to use mtkgate struct" the mtkgate structs are no longer just used for initialization/registration, but also...
MAL-2026-4637 Malicious code in pewter-constants (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c9f898fe8ed95b1d549bfff91d7c0dda0f75ada1c32a58af144940cf28b23c5 On npm install, a preinstall hook in callback.js collects os.hostname, os.userInfo.username, process.cwd, the configured npm registry...
CLSA-2026-1779124021 firewalld: Fix of CVE-2026-4948
CVE-2026-4948: use PKACTIONCONFIG instead of PKACTIONCONFIGINFO for setZoneSettings2 and setPolicySettings to require config-write authorization...
PT-2026-38648
Name of the Vulnerable Software and Affected Versions electerm versions 3.x and earlier Description The getConstants IPC handler in src/app/lib/ipc-sync.js serializes the entire process.env object and sends it to the renderer, where it is stored as window.pre.env. This data is accessible to any...
PT-2026-37496
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The pegasus probe function fills USB Request Blocks URBs with hardcoded endpoint pipes without verifying the endpoint descriptors. Specifically, it uses usb rcvbulkpipedev, 1 for RX data...
Malicious Package
Overview @bcs-bank/common-constants is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2026-3265 Malicious code in @bcs-bank/common-constants (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c84c16934aaaeda86ed317c33795f796252ac98aaf9f39208575837332b372 The package @bcs-bank/common-constants was found to contain malicious code. Source: ghsa-malware...