13601 matches found
CVE-2026-39951 Cacti: Stored SQL Injection via graph_name_regexp in Reports feature
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp in the Reports feature. This issue has been fixed in version 1.2.31...
CVE-2026-39951
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp in the Reports feature. This issue has been fixed in version 1.2.31...
CVE-2026-52978
The CVE-2026-52978 entry concerns the Linux kernel PSP subsystem. The vulnerability arises because certain netlink operations (dev-set and key-rotate) modify shared device state without requiring CAP_NET_ADMIN; access is only checked by psp_dev_check_access() which validates netns membership. The...
Deserialization of Untrusted Data
Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the ApplyFeatureView handler of registryserver.py, which calls FeatureView.fromproto and deserializes the feature view's embedded user-defined function before the appl...
Astra Linux – Vulnerability in qBittTorrent
All versions of the qBittorrent client up to 4.5.5 use default credentials when the web user interface is enabled. Administrators are not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: sched: actife: initialize struct tcife to fix KMSAN kernel-infoleak. This issue was fixed by using the syzbot tool to detect and address the KMSAN kernel-infoleak. In tcfifedump, the variable ‘opt’ was partially initialized...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in the guest XSAVE state whenever XFDi=1 When loading the guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, the disabled features in XSTATEBV are cleared to ensure tha...
CVE-2026-56121 Feast < 0.63.0 Unauthenticated RCE via ApplyFeatureView gRPC Deserialization
Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...
CVE-2026-9619
The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
CVE-2026-9619
CVE-2026-9619 affects the Reviews and Rating – Docplanner WordPress plugin, vulnerable in all versions up to 1.1.4 due to insufficient authorization checks for an action (sync_reviews AJAX). This allows authenticated users with subscriber-level access and above to trigger outbound scraping, write...
EUVD-2026-38666
The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
PT-2026-51698
Name of the Vulnerable Software and Affected Versions Reviews and Rating – Docplanner plugin for WordPress versions prior to 1.1.5 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Authenticated attackers wi...
PT-2026-51837
Name of the Vulnerable Software and Affected Versions Feast versions prior to 0.63.0 Description An unsafe deserialization issue exists in the registry server that allows unauthenticated or unauthorized attackers to achieve remote code execution. By sending a crafted gRPC request, an attacker can...
IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.7 (7277536)
The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7277536 advisory. - IBM WebSphere Application Server Liberty is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled. CWE:...
CVE-2026-54516
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed...
CVE-2026-41579 vulnerabilities
Vulnerabilities for packages: buildah, gpu-operator, sriov-network-device-plugin-fips, prometheus-podman-exporter-fips, sriov-network-device-plugin, k8s-device-plugin-fips, rancher-agent, k8s-device-plugin, node-feature-discovery, podman, buildah-fips, podman-fips, nvidia-container-toolkit,...
GHSA-XJVP-4FHW-GC47 vulnerabilities
Vulnerabilities for packages: buildah, gpu-operator, sriov-network-device-plugin-fips, prometheus-podman-exporter-fips, sriov-network-device-plugin, k8s-device-plugin-fips, rancher-agent, k8s-device-plugin, node-feature-discovery, podman, buildah-fips, podman-fips, nvidia-container-toolkit,...
GHSA-XJVP-4FHW-GC47 vulnerabilities
Vulnerabilities for packages: podman, nvidia-container-toolkit, cadvisor, node-feature-discovery, sriov-network-device-plugin, rancher, rancher-agent, k8s-device-plugin, buildah...
CVE-2026-41579 vulnerabilities
Vulnerabilities for packages: podman, nvidia-container-toolkit, cadvisor, node-feature-discovery, sriov-network-device-plugin, rancher, rancher-agent, k8s-device-plugin, buildah...
PT-2026-51599
Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.21.0 through 2.21.3 jackson-databind versions 3.0.0 through 3.1.3 Description An issue exists in the POJOPropertiesCollector. renameProperties function where a property with @JsonProperty"renamed" on the getter and...