4 matches found
CVE-2026-41130
Craft CMS is a content management system CMS. In versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14, the resource-js endpoint in Craft CMS allows unauthenticated requests to proxy remote JavaScript resources. When trustedHosts is not explicitly restricted default...
CVE-2026-41130
Craft CMS is a content management system CMS. In versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14, the resource-js endpoint in Craft CMS allows unauthenticated requests to proxy remote JavaScript resources. When trustedHosts is not explicitly restricted default...
CVE-2026-5483
CVE-2026-5483 – Odh-dashboard component in Red Hat OpenShift AI has a flaw that allows disclosure of Kubernetes Service Account tokens through a NodeJS endpoint, enabling potential unauthorized access to Kubernetes resources. Affected product: Red Hat OpenShift AI (odh-dashboard). Root cause: inf...
CVE-2026-34392
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an attacker to traverse outside of the intended directory...