313 matches found
Kibana 8.x < 8.19.15 / 9.x < 9.3.4 DoS (ESA-2026-49)
The version of Kibana installed on the remote host is 8.x prior to 8.19.15 or 9.x prior to 9.3.4. It is, therefore, affected by a denial of service vulnerability: - Allocation of Resources Without Limits or Throttling CWE-770 in Kibana can lead to a denial of service. An authenticated user can...
CVE-2026-57252
CVE-2026-57252 affects Foxit PDF Editor/Reader when handling AcroForm operations during PDF loading—specifically during JavaScript-based page deletion and removal of attachment annotations. This triggers a use-after-free condition on invalid pointers within the attachment panel, causing the appli...
CVE-2026-56286
Capgo before 12.128.2 contains an authentication bypass vulnerability in the account deletion endpoint that allows deletion without password re‑authentication or secondary verification. Attackers can delete user accounts via session hijacking, CSRF, or parameter tampering, leading to unauthorized...
CVE-2026-58372 SeaweedFS < 4.34 - Cross-Bucket Object Deletion via DeleteObjects Request-Body Keys
SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler that allows authenticated S3 principals with write access to a single bucket to delete arbitrary objects in other tenants' buckets by supplying object keys containing ../ sequences in the...
PT-2026-52514
Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description The patch application pipeline @pnpm/patch-package fails to validate file paths extracted from .patch files. An attacker can provide a malicious patch file containing...
CVE-2026-56424 Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, templates, and decaying models
MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...
CVE-2026-56424
MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...
CVE-2026-56424 Broken access control in MISP core allows cross-organization unauthorized modification or deletion of analyst data, event reports, collections, templates, and decaying models
MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...
CVE-2026-56424
CVE-2026-56424 affects MISP core and describes multiple broken access-control flaws where authorization checks target the wrong entity or where ownership checks are missing on write paths. In affected subsystems, a lower-privileged authenticated user with relevant feature permissions could cause ...
EUVD-2026-36412
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes"", which is always true, causing the bot ...
PT-2026-48859
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty word. The message listener later checks content.includes"", which is always true, causing the bot ...
CVE-2026-47163
Quest Bot prior to v1.0.1 allowed any guild member who can invoke slash commands to use /automod add, /automod remove, and /automod list due to missing Discord default permission and runtime moderator checks. An attacker could add a rule matching common text and cause the bot to delete other user...
Quest Bot 安全漏洞
Quest Bot is a multi-functional Discord community management robot developed by Duck Organization. Versions of Quest Bot prior to 1.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the AutoMod deletion process not verifying the server to which the rules belong, potential...
CVE-2026-53738
Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdpactionhandling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...
TYPO3 CMS 安全漏洞
TYPO3 CMS is a content management system developed under the TYPO3 open source framework. There is a security vulnerability in TYPO3 CMS, which stems from unauthorized backend users having access to write operations on the root directory of active files. This can lead to unauthorized moves,...
CVE-2026-27678
Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...
CVE-2026-45682 OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removals
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the custom CappedConcurrentHashMap introduced for Java TLS state tracking never removes keys from its insertion-order queue when entries are deleted. In long-running...
CVE-2026-33462
A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...
CVE-2026-33462
A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...
EUVD-2026-33009
A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...