Important: Red Hat Security Advisory: Satellite 6.16.10 Async Update
An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Important: Red Hat Security Advisory: Satellite 6.18.7 Async Update
A new release is now available for Red Hat Satellite 6.18 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
CVE-2026-5142 Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass
A flaw was found in foreman. Authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, allowing them to download private SSH (Secure Shell) keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...
SmartSearchWP < 2.4.6 - OpenAI Key Disclosure
The plugin does not have proper authorization in one of its REST endpoints, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key. id: CVE-2024-6845 info: name: SmartSearchWP 2.4.6 - OpenAI Key Disclosure author: s4e-io severity: medium...
RHEL 8 : gnutls and libtasn1 (RHSA-2026:30849)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:30849 advisory. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such a...
Exploit for CVE-2026-53646
WordPress Fortis For WooCommerce plugin < 1.3.1 - Sensitive API Key Disclosure vulnerability
Sensitive API Key Disclosure vulnerability discovered by WPScan Team in WordPress Plugin Fortis for WooCommerce versions < 1.3.1...
CVE-2026-6895 Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation via 'wlm3_export_settings' AJAX Action
The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is due to the missing capability checks in the 'exportsettings' function. This function returns the RES...
CVE-2026-43336
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permuted_state before it leaves scope. Since the ChaCha permutation is invertible, the local variable 'permuted_state' is sufficient to compute the original 'state', and thus the key, even after the...
Exploit for Missing Authentication for Critical Function in Nginxui Nginx_Ui
CVE-2026-27944 + CVE-2026-33032 — nginx-ui Zero-Credential RCE...
CVE-2025-13997 King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure
The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...
CVE-2026-0115
Technical details for CVE-2026-0115 are not publicly available in the provided documents. Monitor for updates.
GO-2026-4614 Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure in github.com/0xJacky/Nginx-UI
Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure in github.com/0xJacky/Nginx-UI. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...
Exploit for CVE-2026-27944
CVE-2026-27944 - Nginx-UI Unauthenticated Backup Download !...
PT-2026-24444
In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to physical information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-14864 Virusdie <= 1.1.7 - Missing Authorization to Authenticated (Subscriber+) API Key Disclosure
The Virusdie - One-click website security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.7. This is due to missing capability checks on the vd_get_apikey function which is hooked to wp_ajax_virusdie_apikey. This makes it possible for...
CVE-2025-14864
CVE-2025-14864 concerns Virusdie – One-click website security (WordPress) up to version 1.1.7. The vulnerability arises from missing capability checks on the vd_get_apikey function, which is hooked to wp_ajax_virusdie_apikey. This allows authenticated attackers with Subscriber-level access and ab...
WordPress Virusdie plugin <= 1.1.7 - Missing Authorization to Authenticated (Subscriber+) API Key Disclosure vulnerability
Missing Authorization to Authenticated (Subscriber+) API Key Disclosure vulnerability discovered by Sushi Com Abacate in WordPress Plugin Virusdie versions <= 1.1.7...
pgAdmin < 9.12 Command Execution (GHSA-3p7x-94q9-jq9x)
The version of pgAdmin installed on the remote host is prior to 9.12. It is, therefore, affected by a command execution vulnerability: - pgAdmin versions prior to 9.12 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performin...
cryptography security vulnerability
cryptography is an open-source Python encryption library developed by Python Cryptographic Authority. Versions of cryptography prior to 46.0.5 contained security vulnerabilities. These vulnerabilities stemmed from multiple public key-related functions that did not verify whether the point belonge...