689 matches found
CVE-2026-5878 vulnerabilities
Vulnerabilities for packages: chromium...
Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelock is a...
Sigstore Timestamp Authority has Improper Certificate Validation in verifier
Authorization bypass via certificate bag manipulation in sigstore/timestamp-authority verifier An authorization bypass vulnerability exists in sigstore/timestamp-authority verifier timestamp-authority/v2/pkg/verification: VerifyTimestampResponse function correctly verifies the certificate chain b...
PT-2026-32578
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...
CVE-2026-30804
creationtimestamp| type| source ---|---|--- 2026-04-13 18:01:43+00:00| seen| Telegram/mgx4OESgILIX0WlIlJJnUrKrutJBiy7rqG6NL0bWgANWmeU 2026-04-13 18:20:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjfi7bk2e52m...
cybersentinel-agent
CyberSentinel Agent Defensive cybersecurity agent framework w...
angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +66 more potentially affected by CVE-2026-34544 via openexr (>=3.4.12 <=3.4.4)
openexr PYPI version =3.4.12, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-34544 Source advisory: OSV:GHSA-H762-RHV3-H25V...
CVE-2026-34406
APTRS Automated Penetration Testing Reporting System is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Prior to version 2.0.1, the edituser endpoint POST /api/auth/edituser/ allows Any user who can reach that endpoint and submit...
CVE-2026-34165 go-git: Maliciously crafted idx file can cause asymmetric memory consumption
go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...
Home Assistant has stored XSS in Map-card through malicious device name
Summary An authenticated party can add a malicious name to their device entity, allowing for Cross-Site Scripting attacks against anyone who can see a dashboard with a Map-card which includes that entity. It requires that the victim hovers over an information point The lines or the dots...
CVE-2026-23217
creationtimestamp| type| source ---|---|--- 2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...
aana (>=0.2.1 <=0.2.4), abao-ai (=0.0.5) +1094 more potentially affected by CVE-2026-32981 via ray (>=0.5.0 <=2.8.0)
ray PYPI version =0.5.0, =0.2.1, =0.0.6, =0.0.1b1, =0.1.1, =0.2.0, =0.0.2, =0.1.1, =0.2.0, =0.0.1, =0.0.0, =0.2.11 and more Source cves: CVE-2026-32981 Source advisory: OSV:PYSEC-2026-130...
CVE-2026-4214
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...
编号撤回
“ring”(Brian Smith)。“ring”。 “The R Foundation”“R”(The R Foundation)。“R”。“Supabase Auth”(Supabase)。“Auth”。CVE。...
CVE-2026-3735 code-projects Simple Flight Ticket Booking System SearchResultOneway.php sql injection
A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file SearchResultOneway.php. Such manipulation of the argument from leads to sql injection. The attack can be launched remotely. The exploit h...
CVE-2026-27802
A flaw was found in Vaultwarden. A manager, an authorized user, can exploit this vulnerability by performing a bulk permission update to collections they are not authorized to access. This can lead to privilege escalation, allowing the manager to gain unauthorized access and control over these...
IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.3 (7261761)
The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7261761 advisory. - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expect...
@01.software/sdk (>=0.0.1-251008.90016 <=0.1.4), @adenta/cms (>=0.0.6 <=1.1.1-0) +32 more potentially affected by CVE-2026-27567 via payload (>=3.0.0-alpha.46 <=3.75.0-internal.8e0f8ba)
payload NPM version =3.0.0-alpha.46, =0.0.1-251008.90016, =0.0.6, =0.0.3, =1.0.1-beta.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =3.64.0, =0.0.1-beta.0, =0.2.0, =0.2.14 - @remy90/payload-conditions-plugin =0.2.2 and more Source cves: CVE-2026-27567 Source advisory: SNYK:JS-PAYLOAD-15344407...
CVE-2026-22567 ZIA Admin UI Input Validation Bug
Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios...
CVE-2018-2266
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none...