1378 matches found
Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell. id: CVE-2023-4521 info: name: Import XML and RSS Feeds 2.1.5 - Unauthenticated RCE author: princechaddha severity: critical description: The Import XML and RS...
CVE-2025-3110
OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...
CVE-2025-3110
CVE-2025-3110 affects OpenVPN Access Server 2.7.2 through 3.1.0, where the server accepts bare line-feed sequences inside HTTP header values, enabling HTTP request smuggling when deployed behind a reverse proxy. Red Hat’s advisory notes this flaw stems from unstandardized LF handling in HTTP head...
CVE-2026-40140
creationtimestamp| type| source ---|---|--- 2026-07-06 17:22:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpym3v2pgs22 2026-07-06 17:48:42+00:00| seen| https://bsky.app/profile/securityonline.bsky.social/post/3mpynkx35vt2f 2026-07-07 12:25:11+00:00| seen|...
Siemens SENTRON 7KT PAC1261 HTTP Request/Response Smuggling (CVE-2025-22871)
The Go net/http package incorrectly treats a bare line feed LF as a valid line terminator in chunked transfer data. This flaw can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as a line terminator. This plugin only works with...
CVE-2026-27761
Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope...
CVE-2026-27761
Gitea versions up to and including 1.26.2 expose private repository commit data via RSS/Atom feed endpoints by bypassing API access token scope checks. This affects feeds that do not enforce repository scope, allowing tokens without repository scope to access private data. Public references indic...
CVE-2026-27761 Gitea repository feeds bypass API token scope enforcement
Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope...
CVE-2026-27761 Gitea repository feeds bypass API token scope enforcement
Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope...
Linux Distros Unpatched Vulnerability : CVE-2026-56770
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential...
[SECURITY] Fedora 44 Update: liferea-1.16.12-1.fc44
Liferea Linux Feed Reader is an RSS/RDF feed reader. It's intended to be a clone of the Windows-only FeedReader. It can be used to maintain a list of subscribed feeds, browse through their items, and show their contents...
CVE-2026-56772
NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...
DEBIAN-CVE-2026-56770
libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds,...
CVE-2026-56772 NewsBlur < 14.5.0 - Insecure Direct Object Reference in Social Interactions Endpoint
NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...
EUVD-2026-39525
NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...
CVE-2026-56772
NewsBlur
CVE-2026-48582
creationtimestamp| type| source ---|---|--- 2026-06-19 22:13:36+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116779071246302173 2026-06-19 22:36:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moofqsioi72o 2026-06-22 00:46:30+00:00| seen|...
CVE-2026-50005
Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds...
CVE-2026-50005 Brickcom Cameras Use of Default Credentials
Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds...
CVE-2026-50005 Brickcom Cameras Use of Default Credentials
Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds...