734 matches found
CVE-2026-0285
A server-side request forgery SSRF vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimize...
EUVD-2026-42676
A server-side request forgery SSRF vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimize...
CVE-2026-0285 PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface
A server-side request forgery SSRF vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimize...
CVE-2026-0285
A server-side request forgery SSRF vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimize...
CVE-2026-0287
Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service DoS condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this...
CVE-2026-0934
GitLab Enterprise Edition (GitLab EE) has remediated a privilege‑escalation issue affecting all releases prior to fixed patches: 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1. An authenticated user with custom role permissions could view, create, or delete protected environment ...
EUVD-2026-38247
Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session revocation, which allows a user with an existing WebSocket connection to remain authenticated and continu...
CedarJava has policy injection vulnerability
Summary CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. Under certain circumstances, improper input handling could allow policy injection. Impact Cedar-expression injection via unescaped toCedarExpr The toCedarExpr metho...
EUVD-2026-36145
A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode. Panorama,...
CVE-2026-4916
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...
CVE-2025-43457 vulnerabilities
Vulnerabilities for packages: openjdk-11-openj9, openjdk-26-openj9, openjdk-17-openj9, openjdk-21-openj9, openjdk-8-openj9, openjdk-25-openj9...
@agent-native/core (>=0.26.5 <=0.47.1), @intlayer/backend (=8.7.0-canary.0) +6 more potentially affected by CVE-2026-45337 via better-auth (>=1.6.0 <=1.6.10)
better-auth NPM version =1.6.0, =0.26.5, =0.0.33, =0.2.0, =1.6.0, =0.1.2, =0.2.0 Source cves: CVE-2026-45337 Source advisory: SNYK:JS-BETTERAUTH-17173857...
0xpay-cc-sdk (>=0.0.8 <=0.1.0), 0xtrails (>=0.0.0-20251106131028 <=0.16.2) +7274 more potentially affected by CVE-2026-44487 via axios (>=1.0.0 <=1.15.2)
axios NPM version =1.0.0, =0.0.8, =0.0.0-20251106131028, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.0-canary-847463221a9a1bee28641d8c0ecfaca98ee142f6, =0.0.1-alpha.3, =0.0.1-alpha.4 and more Source cves: CVE-2026-44487 Source advisory: SNYK:JS-AXIOS-17172930...
CVE-2026-BetterSQLCipher-RCE
CVE-2026-XXXXX: better-sqlcipher loadExtension Remote Code E...
gov.nasa.pds:registry-mgr-legacy (>=2.3.9 <=2.4.0), io.github.pl-buiquang:spark-solr (=4.1.0) +24 more potentially affected by CVE-2026-44825 via org.apache.solr:solr-core (>=9.4.0 <=9.9.0)
org.apache.solr:solr-core MAVEN version =9.4.0, =2.3.9, =3.0.0, =2.0.0-M1, =2.0.0-M1, =9.4.0, =9.4.0, =9.4.0, =9.8.0, =9.8.0, =9.4.0, =9.4.0, =9.4.0, =9.4.0, =9.4.0, =9.9.0 and more Source cves: CVE-2026-44825 Source advisory: SNYK:JAVA-ORGAPACHESOLR-17139337...
acryl-datahub-airflow-plugin (>=0.8.35.6 <=1.7.0.1rc1), acryl-datahub-airflow-plugin-hcc-patched (>=1.4.0.3.post1 <=1.4.0.3.post2) +464 more potentially affected by CVE-2026-45192 via apache-airflow-core (>=3.0.0 <=3.2.2)
apache-airflow-core PYPI version =3.0.0, =0.8.35.6, =1.4.0.3.post1, =1.0.0, =0.0.9.2, =0.1.0rc0, =0.1.0, =0.1.2, =1.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-45192 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17132595...
@redhat-cloud-services/access-requests-frontend (>=1.2.0 <=1.2.11), @redhat-cloud-services/frontend-components (>=0.0.1 <=7.7.1) +19 more potentially affected by unknown CVE via @redhat-cloud-services/frontend-components-utilities (=7.4.0)
@redhat-cloud-services/frontend-components-utilities NPM version =7.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on @redhat-cloud-services/frontend-components-utilities and may be impacted: - @redhat-cloud-services/access-requests-frontend =1.2.0,...
0xpay-cc-sdk (>=0.0.8 <=0.1.0), 0xtrails (>=0.0.0-20251106131028 <=0.16.2) +7073 more potentially affected by CVE-2026-44495 via axios (>=1.0.0 <=1.15.1)
axios NPM version =1.0.0, =0.0.8, =0.0.0-20251106131028, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.0-canary-847463221a9a1bee28641d8c0ecfaca98ee142f6, =0.0.1-alpha.3, =0.1.6-alpha.11, =0.1.6-alpha.12 and more Source cves: CVE-2026-44495 Source advisory:...
VulnCheck KEV: CVE-2026-0257
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues...
CVE-2026-46818
Vulnerability in the Oracle Payments product of Oracle E-Business Suite component: File Transmission. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Payments. Successful...