PT-2026-24217

Name of the Vulnerable Software and Affected Versions Siemens PLCs affected versions not specified Description The software does not properly sanitize the contents of trace files. This could allow an attacker to inject code by socially engineering a legitimate user to import a specially crafted...

PT-2026-24176

Name of the Vulnerable Software and Affected Versions The Events Calendar plugin for WordPress versions prior to 6.15.18 Description The Events Calendar plugin for WordPress is susceptible to a Path Traversal issue in versions up to and including 6.15.17. This allows authenticated attackers with...

Siemens SIMATIC S7-1500 Device Stored Cross-Site Scripting Vulnerability

SIMATIC S7-1500 is an industrial controller from Siemens. A stored cross-site scripting vulnerability exists in the Siemens SIMATIC S7-1500, which can be exploited by an attacker to inject code by tricking a legitimate user into importing a specially crafted trace file in a web interface...

EUVD-2026-10370

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...

CVE-2026-28433

Misskey CVE-2026-28433 affects servers running 10.93.0 and later, before 2026.3.1, where importing other users’ data is possible due to lack of ownership validation in the import process. The vulnerability’s impact is described as relatively low (confidentiality impact LOW; requires the target fi...

CVE-2026-28433 Misskey lacks resource ownership validation

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...

EUVD-2026-10369

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...

CVE-2026-28433 Misskey lacks resource ownership validation

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...

CVE-2026-28433 Misskey lacks resource ownership validation

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...

CVE-2026-28433

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be...

CVE-2026-30832

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

Linux Distros Unpatched Vulnerability : CVE-2026-23925

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated Zabbix user User role with template/host write permissions is able to create objects via the configuration.import API. This can lead to...

PT-2026-24122

Name of the Vulnerable Software and Affected Versions Misskey versions 10.93.0 through 2026.3.0 Description Misskey is a federated social media platform. A flaw exists that allows importing data belonging to other users because of insufficient ownership validation. The potential impact is...

CVE-2026-30844

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 are vulnerable to Server-Side Request Forgery SSRF via attachment URL loading. During board import in Wekan, attachment URLs from user-supplied JSON data are fetched directly by the server without any URL validation or...

CVE-2026-30832 Soft Serve: SSRF via unvalidated LFS endpoint in repo import

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

CVE-2026-30832

CVE-2026-30832 — Soft Serve : A authenticated SSH user could force the server to perform HTTP requests to internal/private IPs by importing a crafted --lfs-endpoint URL, enabling access to internal targets. The initial batch request is blind and metadata endpoint parsing may not yield valid LFS J...

CVE-2026-30832 Soft Serve: SSRF via unvalidated LFS endpoint in repo import

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

CVE-2026-30832 Soft Serve: SSRF via unvalidated LFS endpoint in repo import

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authenticated SSH user can force the server to make HTTP requests to internal/private IP addresses by running repo import with a crafted --lfs-endpoint URL. The initial batch request is...

CVE-2026-28507

Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4...

CVE-2026-28680

Ghostfolio is an open source wealth management software. Prior to version 2.245.0, an attacker can exploit the manual asset import feature to perform a full-read SSRF, allowing them to exfiltrate sensitive cloud metadata IMDS or probe internal network services. This issue has been patched in...