709 matches found
CVE-2026-57388
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through = 1.1.44...
CVE-2026-57388 WordPress Hydra Booking plugin <= 1.1.44 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through = 1.1.44...
CVE-2026-57388
CVE-2026-57388 describes a Stored XSS vulnerability in Themefic Hydra Booking (WordPress Hydra Booking plugin, hydra-booking) affecting versions up to and including 1.1.44. The root cause is improper neutralization of input during web page generation. Impact is cross-site scripting with low to mo...
MPDV Mikrolab GmbH HYDRA X, MIP 2 & FEDRA 2 - Path Traversal
MPDV Mikrolab GmbH HYDRA X, MIP 2, and FEDRA 2 = Maintenance Pack 36 with Servicepack 8 week 36/2025 contain an unauthenticated local file disclosure vulnerability caused by improper validation of the "Filename" parameter in the public $SCHEMAS$ resource, letting attackers read arbitrary Windows ...
EUVD-2026-42550
The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...
CVE-2026-12433 Hydra Booking <= 1.2.1 - Authenticated (Custom+) Insecure Direct Object Reference to Sensitive Information Exposure via 'booking_id' Parameter
The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...
CVE-2026-12433
The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...
WordPress Hydra Booking plugin <= 1.1.44 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by HaiND in WordPress Plugin Hydra Booking versions = 1.1.44...
Linux Distros Unpatched Vulnerability : CVE-2026-56766
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and...
CVE-2026-56766
A flaw was found in Hydra. A malicious server can exploit a stack buffer overflow vulnerability in the NTLM authentication modules by sending a specially crafted NTLM Type-2 challenge. This can lead to an overflow of a stack buffer, potentially enabling remote code execution on systems that lack...
SUSE CVE-2026-56766
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...
OPENSUSE-SU-2026:11131-1 hydra-9.7+git20.gbccaea1-1.1 on GA media
These are all security issues fixed in the hydra-9.7+git20.gbccaea1-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-56766
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...
UBUNTU-CVE-2026-56766
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...
CVE-2026-56766 Hydra - Stack Buffer Overflow in NTLM Authentication Handler
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...
CVE-2026-56766
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...
CVE-2026-56766
Hydra before 9.7 contains a stack buffer overflow in the NTLM authentication handler used by SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing crafted NTLM Type-2 challenges. A malicious server can send a long domain in NTLM Type-2, overflowing a 500-byte st...
CVE-2026-42675
Missing Authorization vulnerability in Themefic Hydra Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hydra Booking: from n/a through 1.1.41...
GHSA-CG87-VWWH-XVGJ vulnerabilities
Vulnerabilities for packages: flux, glab, kubernetes-dashboard, crossplane-provider-azure-storage, argo-cd, minio, hubble, step, opentelemetry-collector, helm, kots, ingress-nginx-controller, prometheus-operator, karpenter, kubernetes, kyverno, zot, prometheus, crossplane-provider-aws-elasticache...
GHSA-5CV4-JP36-H3MW vulnerabilities
Vulnerabilities for packages: flux, glab, kubernetes-dashboard, crossplane-provider-azure-storage, argo-cd, minio, hubble, step, opentelemetry-collector, helm, kots, ingress-nginx-controller, prometheus-operator, karpenter, kubernetes, kyverno, zot, prometheus, crossplane-provider-aws-elasticache...