47651 matches found
aratinga (=0.1.0a0.dev3), coop (=7.1.0) +5 more potentially affected by CVE-2026-28223 via wagtail (>=7.1.0 <=7.1.3)
wagtail PYPI version =7.1.0, =1.1.1, =2.0.0, =0.0.1, =7.1.0a1, =7.1.0b0 Source cves: CVE-2026-28223 Source advisory: OSV:GHSA-P4V8-RW59-93CQ...
Improper Validation of Certificate with Host Mismatch
Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to the NiFiRegistryHostnameVerifier checking hostnames against subjectAltNames on any certificate in the TLS chain instead of verifying only the leaf/server certificate. An...
GHSA-GQF8-RVRH-G7W6 Rancher cloud credentials can be used through proxy API by users without access
A vulnerability was discovered in Rancher 2.2.0 through the aforementioned patched versions, where cloud credentials weren't being properly validated through the Rancher API, specifically through a proxy designed to communicate with cloud providers. Any Rancher user that was logged-in and aware o...
Rancher cloud credentials can be used through proxy API by users without access
A vulnerability was discovered in Rancher 2.2.0 through the aforementioned patched versions, where cloud credentials weren't being properly validated through the Rancher API, specifically through a proxy designed to communicate with cloud providers. Any Rancher user that was logged-in and aware o...
nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections
A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security (TLS) servers, an attacker with a man-in-the-middle (MITM) position on the upstream server side, along with conditions beyond the attacker's control, may be able to inject plain text data into the response...
CVE-2026-20427
creationtimestamp | type | source
---|---|---
2026-03-03 09:08:54+00:00 | seen | https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-prodotti-mediatek-6...
Labkotec LID-3300IP
RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to gain unauthorized control over system operations, leading to disruption of normal functionality and potential safety hazards. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize...
Portwell Engineering Toolkits
RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to escalate privileges or cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...
Everon OCPP Backends
RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Mobiliti e-mobi.hu
RISK EVALUATION Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
EUVD-2026-9274
The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to bypass authentication and log in as other users, including administrators...
GHSA-6G25-PC82-VFWP OpenClaw: macOS beta onboarding exposed PKCE verifier via OAuth state
Summary The affected surface is the OpenClaw macOS app onboarding flow, and the macOS app is currently in beta. In that beta onboarding flow, Anthropic OAuth used the PKCE code_verifier value as OAuth state, exposing that secret in front-channel URL state. Affected Packages / Versions - Package:...
OpenClaw: macOS beta onboarding exposed PKCE verifier via OAuth state
Summary The affected surface is the OpenClaw macOS app onboarding flow, and the macOS app is currently in beta. In that beta onboarding flow, Anthropic OAuth used the PKCE code_verifier value as OAuth state, exposing that secret in front-channel URL state. Affected Packages / Versions - Package:...
PT-2026-22794
IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1...
OpenSSH security update for CVE-2025-26465
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : curl vulnerabilities (USN-8062-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8062-1 advisory. It was discovered that curl incorrectly handled cookies when redirected from secure to insecure connections. An attacker could possib...
MiracleLinux 9 : skopeo-1.20.0-3.el9_7 (AXSA:2026-230:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-230:01 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustio...
PT-2026-22714
Name of the Vulnerable Software and Affected Versions The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress versions through 2.2.5 Description The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is susceptible to an authentication bypass,...
ALSA-2026:3638 Moderate: nginx:1.24 security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 For more details about the security issues,...
WordPress plugin All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...