10564 matches found
Important: Red Hat Security Advisory: compat-openssl11 security update
An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...
CVE-2026-57740 WordPress AcyMailing SMTP Newsletter plugin <= 10.11.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.1...
CVE-2026-9597 Deactivated guest accounts can authenticate via magic-link token in Mattermost REST API login endpoint
Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4 fail to verify whether a guest account is deactivated before creating a session in the magic-link token login path, which allows a deactivated guest user to obtain a fully functional session via a magic-link token issued prior to deactivation...
ROOT-OS-DEBIAN-11-CVE-2025-14104 CVE-2025-14104 in rootio-util-linux - Patched by Root
Root has patched CVE-2025-14104 in the rootio-util-linux package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2024-8176 CVE-2024-8176 in rootio-expat - Patched by Root
Root has patched CVE-2024-8176 in the rootio-expat package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-32778 CVE-2026-32778 in rootio-expat - Patched by Root
Root has patched CVE-2026-32778 in the rootio-expat package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-32776 CVE-2026-32776 in rootio-expat - Patched by Root
Root has patched CVE-2026-32776 in the rootio-expat package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-24515 CVE-2026-24515 in rootio-expat - Patched by Root
Root has patched CVE-2026-24515 in the rootio-expat package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-25210 CVE-2026-25210 in rootio-expat - Patched by Root
Root has patched CVE-2026-25210 in the rootio-expat package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2024-28757 CVE-2024-28757 in rootio-expat - Patched by Root
Root has patched CVE-2024-28757 in the rootio-expat package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-32777 CVE-2026-32777 in rootio-expat - Patched by Root
Root has patched CVE-2026-32777 in the rootio-expat package for Root:Debian:11. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2026-45186 CVE-2026-45186 in rootio-expat - Patched by Root
Root has patched CVE-2026-45186 in the rootio-expat package for Root:Debian:11. Multiple fixed versions available...
PT-2026-57920
Name of the Vulnerable Software and Affected Versions HedgeDoc versions prior to 1.11.0 Description The GitHub Gist export flow fails to properly validate the OAuth2 state value, checking only for its presence instead of verifying it against the user session. This allows an attacker to forge a...
CVE-2026-59161
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...
EUVD-2026-42937
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...
CVE-2026-59162 Excelize: Negative shared-string index causes panic in GetCellValue and GetRows
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...
EUVD-2026-42721
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on MX Series allows adjacent subscribers to bypass configured firewall filters. On MX Series devices with MPC10/11, LC4800/9600, and MX304 with subscribers...
Kibana 7.x < 7.17.15 / 8.x < 8.11.1 Log Injection (ESA-2026-53)
The version of Kibana installed on the remote host is 7.x prior to 7.17.15 or 8.x prior to 8.11.1. It is, therefore, affected by a log injection vulnerability: - Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection. An attacker can supply specially crafted input tha...
CVE-2026-53987
GLPI 11 before 2.14.4 is affected by a stored XSS in the Tag plugin's Kanban badge rendering. The Tag plugin stores tag names without HTML sanitization and injects them into Kanban badges via PluginTagTag::preKanbanContent(), without escaping output. An authenticated user with TAG MANAGEMENT crea...
micrometer-core: micrometer-jetty11: micrometer-jetty12: Micrometer: Denial of Service via specially crafted HTTP requests
A flaw was found in Micrometer. A remote attacker can provide specially crafted HTTP requests, which may lead to a denial-of-service DoS condition. This vulnerability allows an attacker to disrupt the availability of the affected system...