3 matches found
CVE-2026-24117 Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL
Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public key via a user-provided URL. Since the SSRF can only trigger GET requests, the request cannot mutate...
Linux Distros Unpatched Vulnerability : CVE-2026-23831
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when...
WordPress Kata Plus Plugin <= 1.4.7 is vulnerable to Cross Site Scripting (XSS)
Software: Kata Plus; Type: Plugin; Vulnerable versions: <= 1.4.7; Fixed in: 1.5.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-50501; Patch priority: Low; CVSS severity: Low 6.5; PSID: 710165188cb5; Credits: Michael; Required privilege: Contributor...