2252 matches found
Ocean Extra <= 2.4.6 - Unauthenticated Shortcode Execution
The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to supply arbitrary shortcodes in the contentrechdata parameter that is then executed. This makes it possible for...
Emerson Dixell XWEB-500 - Arbitrary File Write
Emerson Dixell XWEB-500 contains an arbitrary file write caused by unauthenticated access to /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi, letting attackers write any file on the system, exploit requires no authentication. id: CVE-2021-45420 info: name: Emerson...
WordPress Ocean Extra <1.9.5 - Cross-Site Scripting
WordPress Ocean Extra plugin before 1.9.5 contains a cross-site scripting vulnerability. The plugin does not escape generated links which are then used when the OceanWP theme is active. id: CVE-2021-25104 info: name: WordPress Ocean Extra 1.9.5 - Cross-Site Scripting author: Akincibor severity:...
SUSE-SU-2026:2257-1 Security update for salt
This update for salt fixes the following issue: Security issues fixed: - CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: - Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 - Harden...
SUSE-SU-2026:2256-1 Security update for salt
This update for salt fixes the following issue: Security issues fixed: - CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: - Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 - Harden...
SUSE-SU-2026:2255-1 Security update 5.0.8 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 - CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer...
SUSE-SU-2026:2252-1 Security update for salt
This update for salt fixes the following issue: Security issues fixed: - CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: - Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 - Harden...
Security update 5.0.8 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...
Security update 5.0.8 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.21 CNF vRAN extras topology aware lifecycle manager update
An update for topology-aware-lifecycle manager is available for Red Hat OpenShift Container Platform 4.21. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the...
CVE-2026-10719
Out of bounds write in openSeaChest’s --showSupportedFormats in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing 1 extra byte outside of allocated memory which sets a value to 1 via a maliciously crafted NVMe device with a bogus value in the namespace FLBAS byte...
EUVD-2026-33803
In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-45871
Name of the Vulnerable Software and Affected Versions openSeaChest version 26.03.0 Description An out of bounds write occurs during the Trim/Unmap operation in openSeaChest. This issue allows for writing 16 bytes of extra memory outside of the allocated space when describing a range of Logical...
CVE-2026-0093
In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0093
Technical details for CVE-2026-0093 are not publicly available in the provided documents (no affected products, fixes, or exploit info). Monitor for updates from official sources.
CVE-2026-0056
In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
PYSEC-2026-173
A bug in the GET /api/v2/connections/connectionid REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's extra JSON blob under field names not present in the redaction allowlist DEFAULTSENSITIVEFIELDS —...
PYSEC-2026-173
A bug in the GET /api/v2/connections/connectionid REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's extra JSON blob under field names not present in the redaction allowlist DEFAULTSENSITIVEFIELDS —...
CVE-2026-45192
A bug in the GET /api/v2/connections/connectionid REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's extra JSON blob under field names not present in the redaction allowlist DEFAULTSENSITIVEFIELDS —...
CVE-2026-45192 Apache Airflow: Incomplete Redaction of Sensitive Fields in Connection Extra API Response
A bug in the GET /api/v2/connections/connectionid REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's extra JSON blob under field names not present in the redaction allowlist DEFAULTSENSITIVEFIELDS —...