Astra Linux - уязвимость в openjdk-11

A vulnerability exists in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The versions affected include Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle Graal...

Astra Linux - уязвимость в openjdk-11

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Networking. The supported versions affected by this vulnerability include Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3, and 22.2.0. This...

Astra Linux - уязвимость в openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK products of Oracle Java SE component: Libraries. The supported versions affected by this vulnerability are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise...

Astra Linux - уязвимость в openjdk-11

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. The supported versions affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. This easily exploitable vulnerability allows an...

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Scripting. The supported versions affected by this vulnerability are Oracle Java SE: 8u451, 8u451-perf, and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. The vulnerability is...

Astra Linux - уязвимость в openjdk-11

A vulnerability exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The versions affected include Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1...

Astra Linux - уязвимость в openjdk-11

Vulnerability in Oracle Java SE component: Hotspot. The supported versions affected include Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, and 23. This vulnerability can be exploited by an unauthenticated attacker with network access via multiple protocols, allowing them to compromi...

Astra Linux - уязвимость в openjdk-11

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The supported versions affected by this vulnerability include Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2, an...

CVE-2025-15369

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...

CVE-2025-40900

An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to...

CVE-2025-40900

An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing an Angular template payload, or a victim can be socially engineered to...

CVE-2026-4630 Keycloak: keycloak: unauthorized resource access and data modification via insecure direct object reference

A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference IDOR vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier UUID belonging to another Resource Server within the same realm,...

CVE-2026-4630

A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference IDOR vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier UUID belonging to another Resource Server within the same realm,...

CVE-2026-4630 Keycloak: keycloak: unauthorized resource access and data modification via insecure direct object reference

A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference IDOR vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier UUID belonging to another Resource Server within the same realm,...

CVE-2026-4630

CVE-2026-4630 (Keycloak) describes an Insecure Direct Object Reference (IDOR) in the Authorization Services Protection API endpoint. An authenticated client can use a resource UUID from another Resource Server in the same realm to bypass authorization checks, enabling unauthorized GET, PUT, and D...

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability stems from an insecure direct object reference issue in the authorization service’s protected API endpoints. It allows authenticated clients ...

CVE-2026-4683

The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and including, 3.1.77. This makes it possible for unauthenticated attackers to overwrite the plugin's...

CVE-2026-0242

A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full...

EUVD-2026-30515

The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and including, 3.1.77. This makes it possible for unauthenticated attackers to overwrite the plugin's...

CVE-2026-44442

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 16.9.1...