CVE-2026-42279

solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/organization/time-entries/timeEntry API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-entr...

solidtime 安全漏洞

Solidtime is an open-source time tracking application developed by Solidtime developers. Version 0.12.0 of Solidtime contains a security vulnerability. This vulnerability stems from the fact that the PUT /api/v1/organizations/organization/time-entries/timeEntry API accepts routing bindings for...

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id vulnerability

WordPress NEX-Forms - Ultimate Forms Plugin for WordPress plugin = 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nfsetentryupdateid vulnerability discovered by Youssef Elouaer in WordPress Plugin NEX-Forms versions = 9.1.9...

CVE-2026-1947 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

CVE-2026-1947 NEX-Forms – Ultimate Forms Plugin for WordPress <= 9.1.9 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_set_entry_update_id

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

SUSE SLES12 Security Update : busybox (SUSE-SU-2026:0892-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0892-1 advisory. - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580. - CVE-2023-42364: use-after-free in the awk....

EUVD-2002-0731

Malware in sbrugna...

EUVD-2015-1963

Malware in sbrugna...

Moderate: Red Hat Security Advisory: krb5 security update

An update for krb5 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

krb5 security update

1.18.2-31.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.18.2-31 - Prevent overflow when calculating ulog block size CVE-2025-24528 Resolves: RHEL-78248 - kdb5util: fix DB entry flags on modification Resolves: RHEL-56060...

SUSE CVE-2015-1854

389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call...

DEBIAN-CVE-2015-1854

389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call...

389-ds-base: access control bypass with modrdn

A flaw was found in the way Red Hat Directory Server performed authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modifications of entries in the directory server...