1128 matches found
CVE-2026-56033
Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...
CVE-2026-56030
Unauthenticated Privilege Escalation in Paytium = 5.0.2 versions...
EUVD-2026-39698
Unauthenticated Multiple Vulnerabilities in BitFire Security = 5.0.3 versions...
EUVD-2026-39696
Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...
CVE-2026-47733
Rocket.Chat CVE-2026-47733 affects the ImageElement in packages/gazzodown prior to 8.5.0, where user-controlled src values are inserted into and without protocol sanitization. An authenticated user can post markdown images with a javascript: URL that, on older browsers, could execute arbitrary ...
CVE-2026-47733 Rocket.Chat: Missing URL protocol sanitization in ImageElement allows javascript: URLs in markdown images
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown renders user-controlled src values directly into and attributes without protocol sanitization. Unlike the analogous LinkSpan component — which uses...
EUVD-2026-38684
The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field and loop functions, which extract the raw src attribute value...
WordPress BitFire Security plugin <= 5.0.3 - Multiple Vulnerabilities vulnerability
Multiple Vulnerabilities vulnerability discovered by Aurélien BOURDOIS Elymaro in WordPress Plugin BitFire Security versions = 5.0.3...
CVE-2025-62198
An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes the issue...
Astra Linux – Vulnerability in libpgjava
pgjdbc is an open-source PostgreSQL JDBC Driver. In affected versions, a prepared statement using either PreparedStatement.setTextint, InputStream or PreparedStatemet.setByteaint, InputStream will create a temporary file if the InputStream exceeds 2 kilobytes in size. This temporary file can be...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: ipa: Fixed the issue where the event ring index was not properly programmed for IPA v5.0+. For IPA v5.0+ onwards, the event ring index field has been moved from CHCCNTXT0 to CHCCNTXT1. In IPA v5.0, this field was intended to...
Astra Linux – Vulnerability in Redis
Redis is an open-source, in-memory database that persists data on disk. A integer overflow bug that affects all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changi...
CVE-2026-54533
vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, malicious algorithms can potentially access other algorithms input and output files. Version 5.0.0 fixes the issue. As a workaround, verify and restrict the algorithm containers that are allowed to...
CVE-2026-54533 vantage6 node has an Improper Access Control issue
vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, malicious algorithms can potentially access other algorithms input and output files. Version 5.0.0 fixes the issue. As a workaround, verify and restrict the algorithm containers that are allowed to...
CVE-2024-27928 Vantage6: 2FA can be circumvented with hacked email access
vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, if an attacker hacks into a vantage6 user's email account, they can 1 reset the password via email and then 2 reset the 2FA token via email. This way they reduce 2FA to 1FA email access. Note that...
CVE-2026-49780
Customer Privilege Escalation in Dokan = 5.0.2 versions...
EUVD-2026-36903
Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...
EUVD-2026-36897
Customer Privilege Escalation in Dokan = 5.0.2 versions...
PT-2026-49521
Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...
PT-2026-49516
Name of the Vulnerable Software and Affected Versions Dokan versions prior to 5.0.3 Description A privilege escalation issue exists that allows a user with customer privileges to gain higher access levels. Recommendations Update to a version later than 5.0.2...