3778 matches found
CVE-2026-41860
CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelpercreateasyncendpoint and sendhttpgetrequestsynchronous hard-code OpenSSL::SSL::VERIFYNONE, enabling an attacker to intercept traffic between bosh-monitor and the BOSH...
EUVD-2026-34192
CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token requests via MITM. HttpRequestHelpercreateasyncendpoint and sendhttpgetrequestsynchronous hard-code OpenSSL::SSL::VERIFYNONE, enabling an attacker to intercept traffic between bosh-monitor and the BOSH...
PT-2026-46133
A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials Basic auth header or UAA client secret and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access. UsersSyncbosh ap...
PT-2026-45903
In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...
Commerce Core - Moderately critical - Cross site scripting - SA-CONTRIB-2026-041
The module doesn't sufficiently sanitize customer comments in the order receipt email template; this could be exploited to achieve Cross-site Scripting XSS. This vulnerability is mitigated by the fact that it only affects installations with Checkout commercecheckout enabled, and the "Comments"...
CVE-2025-5085 wp-nano-ad <= 1.31 - Authenticated (Administrator+) Stored Cross-Site Scripting via blogrole_link Parameter
The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-5085
The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrolelink’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
PT-2026-45698
The WP Nano AD plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blogrole link’ parameter in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2026-9759
A flaw was found in the ROHC dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing a NULL pointer dereference, resulting in a denial of service. Mitigation If the ROHC protocol dissector is not being used, it can be disabled via the...
The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass
The Plus Addons for Elementor plugin before version 4.1.7 allowed attackers to bypass authentication, gain admin access, and create accounts with elevated roles, even when registration was disabled and the Login widget was inactive. id: CVE-2021-24175 info: name: The Plus Addons for Elementor Pag...
CVE-2026-5071 can: Local Denial of Service via SocketCAN Send
The SocketCAN implementation validates the length of a user-provided buffer containing a socketcanframe object using only a NETASSERT statement in zcansendtoctx before dereferencing it in socketcantocanframe. In production builds where assertions are disabled, a userspace application that control...
CVE-2026-5071 can: Local Denial of Service via SocketCAN Send
The SocketCAN implementation validates the length of a user-provided buffer containing a socketcanframe object using only a NETASSERT statement in zcansendtoctx before dereferencing it in socketcantocanframe. In production builds where assertions are disabled, a userspace application that control...
GHSA-8444-4FHQ-FXPQ PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default
Summary CVE-2026-44338 GHSA-6rmh-7xcm-cpxj documents that PraisonAI ships a code-generator praisonai.deploy.api.generateapiservercode that emits a Flask API server with authentication disabled by default. Users who follow the documented quickstart praisonai deploy --type api get a server that: -...
stigmem-node: Auth-disabled deployments may grant broad anonymous access outside loopback
Impact Stigmem nodes configured with authentication disabled could grant the anonymous identity broad read/write/federation capabilities if exposed outside a loopback-only local development environment. Impacted users are operators who intentionally disabled authentication while binding the node ...
GHSA-FP6W-8WPG-74G5 stigmem-node: Auth-disabled deployments may grant broad anonymous access outside loopback
Impact Stigmem nodes configured with authentication disabled could grant the anonymous identity broad read/write/federation capabilities if exposed outside a loopback-only local development environment. Impacted users are operators who intentionally disabled authentication while binding the node ...
GHSA-8CPH-RGR4-G5VJ Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers
Impact Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconstruct...
PT-2026-45052
Summary CVE-2026-44338 GHSA-6rmh-7xcm-cpxj documents that PraisonAI ships a code-generator praisonai.deploy.api.generate api server code that emits a Flask API server with authentication disabled by default. Users who follow the documented quickstart praisonai deploy --type api get a server that:...
PT-2026-45015
Summary Gotenberg is vulnerable to a remote denial of service in multipart downloadFrom handling. A multipart request containing multiple downloadFrom entries causes concurrent goroutines to write to shared maps without synchronization. This can terminate the process with fatal error: concurrent...
CVE-2025-71304
A flaw was found in the Linux kernel's Smack module. A local user with privileges to modify Smack's Domain of Interpretation DOI values could cause a denial of service. By writing a previously used DOI value to /smack/doi, networking for non-ambient labels becomes disabled. This prevents network...
CVE-2026-44850 Portainer: Bind-mount restriction bypass via HostConfig.Mounts
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for...