733 matches found
2026-05 Dynamic Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems (KB5087544)
2026-05 Dynamic Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems KB5087544...
CVE-2026-42051
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0...
CVE-2022-50954
creationtimestamp| type| source ---|---|--- 2026-05-10 14:48:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mliywj5zzg2i...
CVE-2026-42174
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0...
EUVD-2026-28890
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0...
CVE-2026-42174 Kirby: User avatar creation, replacement and deletion are not gated by user update permissions
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0...
CVE-2026-42051 Kirby: System API endpoint leaks license data and installed version to authenticated users
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0...
CVE-2026-42051 Kirby: System API endpoint leaks license data and installed version to authenticated users
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0...
Cross-site Request Forgery (CSRF)
Overview jupyterhub is a JupyterHub: A multi-user server for Jupyter notebooks Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the handling of HTTP form endpoints when requests with the Sec-Fetch-Mode: no-cors header are incorrectly treated as same-origin,...
CVE-2026-28510
eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...
CVE-2026-28510 elabftw allows MFA bypass during login
eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under certain conditions, an attacker with valid primary credentials could complete authentication with...
eLabFTW 安全漏洞
eLabFTW is an open-source experimental data hosting platform developed by eLabFTW. This platform runs on the Linux system and supports the storage of various types of objects. Versions of eLabFTW 5.4.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the login process...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2026-120 (ALASKERNEL-5.4-2026-120)
The version of kernel installed on the remote host is prior to 5.4.302-223.469. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2026-120 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the process for managing user avatars due to insufficient authorization checks. An attacker can gain unauthorized access to create, replace, or delete user avatars by leveraging file permissions without the...
Oracle Linux 8 : libxml2 (ELSA-2026-11349)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-11349 advisory. - Fix CVE-2025-9714 RHEL-119279 - Fix CVE-2025-32415 RHEL-100177 - Fix CVE-2025-7425 RHEL-102797 - Fix CVE-2025-6021 RHEL-96498 - Fix CVE-2025-49794 RHEL-96398...
CVE-2026-6741 LatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...
JLSEC-2026-190
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to heap-based buffer overflow. It is possibl...
JLSEC-2026-188
Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product...
OESA-2026-2057 assimp security update
Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability classified as critic...
CVE-2026-35587
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery SSRF vulnerability exists in the Glances IP plugin due to improper validation of the publicapi configuration parameter. The value of publicapi is used directly in outbound HTTP...