613 matches found
CVE-2026-49284
The CVE affects SimpleSAMLphp SP: the ACS path permits a response from an unexpected IdP when an unsigned Response/InResponseTo combines with a signed assertion lacking SubjectConfirmationData/InResponseTo. A response from IdP B can be bound to SP state created for IdP A, allowing bypass of IdP-s...
2026-07 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 for x64 (KB5102205)
2026-07 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 for x64 KB5102205...
openSUSE 16 Security Update : tiff (openSUSE-SU-2026:21289-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21289-1 advisory. This update for tiff fixes the following issues - CVE-2026-12912: heap-based buffer overflow when processing crafted PixarLog-compressed TIFF...
CVE-2026-57415
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Codemenschen Gift Vouchers gift-voucher allows Stored XSS.This issue affects Gift Vouchers: from n/a through = 4.7.0...
CVE-2026-57810
CVE-2026-57810 describes a SQL injection in the WordPress plugin APIExperts Square for WooCommerce (woosquare), affecting versions up to and including 4.7.4. The vulnerability is characterized as blind SQL injection due to improper neutralization of special elements in SQL queries. The provided d...
CVE-2026-57415 WordPress Gift Vouchers plugin <= 4.7.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Codemenschen Gift Vouchers gift-voucher allows Stored XSS.This issue affects Gift Vouchers: from n/a through = 4.7.0...
WordPress APIExperts Square for WooCommerce plugin <= 4.7.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Averon Averenkov in WordPress Plugin APIExperts Square for WooCommerce versions = 4.7.4...
CVE-2026-59731
Astro is a web framework for content-driven websites. Version 6.4.7 performs authorization decisions on a partially decoded pathname after reaching the iterative URL decoder limit, while later rewrite route matching performs an additional decodeURI operation and can resolve the request to a...
PT-2026-56131
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Terminal websocket bootstrap routes only verify authentication but fail to enforce terminal authorization. This allows a low-privileged team member to connect to these routes and execute...
CVE-2026-42148
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the buildHelperImage method in app/Livewire/Settings/Index.php constructs a Docker build command using the devhelperversion field without shell escaping, allowing an attack...
OESA-2026-2836 libtiff security update
This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff...
OESA-2026-2834 libtiff security update
This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff...
CVE-2021-4447
creationtimestamp| type| source ---|---|--- 2026-07-05 19:07:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpwbilun7q2i...
MINI-GWHV-5247-XMGH
Bulletin has no description...
CVE-2026-57690
Unauthenticated Cross Site Request Forgery CSRF in Werkstatt = 4.7.2 versions...
CVE-2026-57689
Subscriber Broken Access Control in Werkstatt = 4.7.2 versions...
CVE-2026-57689
The CVE-2026-57689 entry concerns the WordPress Werkstatt theme (versions up to 4.7.2) with a Broken Access Control flaw. Affected component: Werkstatt WordPress theme; root cause: broken access control mechanisms in version <= 4.7.2. Impact: unauthorized access to restricted functionality, as...
PT-2026-55031
Unauthenticated Cross Site Request Forgery CSRF in Werkstatt = 4.7.2 versions...
PT-2026-55030
Subscriber Broken Access Control in Werkstatt = 4.7.2 versions...
CVE-2026-34597
CVE-2026-34597 affects Coolify prior to 4.0.0-beta.470. The vulnerability lies in how user-supplied build parameters for the Nixpacks build pack are handled: the install_command provided by a user is directly concatenated into a shell command string executed on the deployment host during the buil...