81 matches found
PYSEC-2026-774 Apache Airflow Google Provider Improper Input Validation vulnerability
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0...
ALSA-2026:33743 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount CVE-2026-23216 kernel: gfs2: Fix use-after-free in iomap inline data write path CVE-2026-45984 kernel: RDMA/vmwpvrdma: F...
OPENSUSE-SU-2026:21106-1 Security update for papers
This update for papers fixes the following issues Security issue: - CVE-2026-46529: command injection bsc1265880. Changes for papers: - Update to version 48.10 bsc1265880: - Update to version 48.9 jscPED-15957, bsc1261947: - Bug fixes: - Saved image files are empty - Print dialog says "Manage...
EUVD-2026-37633
Unauthenticated Cross Site Scripting XSS in JetEngine = 3.8.10 versions...
EUVD-2026-32191
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in IniLerm Advanced IP Blocker advanced-ip-blocker allows DOM-Based XSS.This issue affects Advanced IP Blocker: from n/a through = 8.10.7...
CVE-2026-42739
The CVE-2026-42739 affects the WordPress Advanced IP Blocker plugin (
EUVD-2026-29819
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...
CVE-2026-44865
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system...
CVE-2026-44862
The CVE-2026-44862 entry describes SQL injection vulnerabilities in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could inject crafted input into parameters pas...
CVE-2026-40010
Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version...
PT-2026-37375
Name of the Vulnerable Software and Affected Versions Apache Wicket versions 8.0.0 through 8.17.0 Apache Wicket version 9.0.0 Apache Wicket versions 10.0.0 through 10.8.0 Description A session fixation attack is possible due to the missing invocation of the Servlet http web request method...
CVE-2026-39562
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.10...
CVE-2026-4820 IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_<workspace_name> was not set with secure flag
IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...
CVE-2026-4820
CVE-2026-4820 affects IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10, where authorization tokens or session cookies are not marked with the Secure attribute. This can allow an unauthenticated attacker to steal cookie values by directing users to an http link and monitoring traffic, enablin...
CVE-2026-3057 a54552239 pearProjectApi Backend Task.php dateTotalForProject sql injection
A security flaw has been discovered in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/common/Model/Task.php of the component Backend Interface. The manipulation of the argument projectCode results in sql injection. The attack can be...
HPE AOS 安全漏洞
HPE AOS is an operating system from HPE Corporation in the United States. A security vulnerability exists in HPE AOS 10 and HPE AOS 8 that stems from an arbitrary file write vulnerability in the web-based management interface that could lead to the execution of arbitrary commands...
HPE AOS 安全漏洞
HPE AOS is an operating system from HPE Corporation in the United States. A security vulnerability exists in HPE AOS versions 10 and 8, which stems from an arbitrary file upload vulnerability in the web-based management interface that could lead to the execution of arbitrary commands...
Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty 25.0.0.8 which is vulnerable to CVE-2025-36000, CVE-2020-36732 and CVE-2025-36124
Summary IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty 25.0.0.8 which is vulnerable to CVE-2025-36000, CVE-2020-36732 and CVE-2025-36124. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-36000...
CVE-2025-12170
The Checkbox plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wpajaxnoprivcheckboxcleanlog' AJAX endpoint in all versions up to, and including, 2.8.10. This makes it possible for unauthenticated attackers to clear log files...
PT-2025-47041
Name of the Vulnerable Software and Affected Versions All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic versions prior to 4.8.10 Description The All in One SEO plugin for WordPress has a flaw that allows unauthorized deletion of media attachments. The issue stems from ...