18 matches found
CVE-2026-5411
The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the saveajax function of the licensing module,...
CVE-2026-5411
The WP Captcha PRO the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the saveajax function of the licensing module,...
CVE-2026-47136
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license...
CVE-2026-46685
RustFS 1.0.0-beta.2 fixes a CORS bug in the S3 listener. Before the fix, if RUSTFS_CORS_ALLOWED_ORIGINS is unset, ConditionalCorsLayer would echo any Origin back as Access-Control-Allow-Origin and set Access-Control-Allow-Credentials: true and Access-Control-Allow-Headers: *, including preflight ...
CVE-2026-46685 RustFS: Reflective CORS with credentials on S3 listener; unauthenticated license metadata endpoint on console
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFSCORSALLOWEDORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origin value back as Access-Control-Allow-Origin and also sets Access-Control-Allow-Credentials: true and...
CVE-2026-46685 RustFS: Reflective CORS with credentials on S3 listener; unauthenticated license metadata endpoint on console
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFSCORSALLOWEDORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origin value back as Access-Control-Allow-Origin and also sets Access-Control-Allow-Credentials: true and...
EUVD-2026-32993
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license...
CVE-2026-47136 RustFS: Unauthenticated RustFS console license endpoint exposes license metadata
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license...
CVE-2026-47136 RustFS: Unauthenticated RustFS console license endpoint exposes license metadata
RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentication. The endpoint is registered on the console listener and returns JSON containing license...
CVE-2026-47136
CVE-2026-47136 affects RustFS, a distributed object storage system written in Rust. The issue is an unauthenticated exposure of license metadata via the console endpoint GET /rustfs/console/license, which is accessible to any client that can reach the console listener and returns JSON containing ...
Fedora: Security Advisory (FEDORA-2026-0f099ed388)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 42 : python-ujson (2026-0f099ed388)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0f099ed388 advisory. Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling...
Fedora 43 : python-ujson (2026-bf741e26e4)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-bf741e26e4 advisory. Update to 5.12.0. This release updates the license field in the Python metadata and fixes a buffer overflow/infinite loop from indent handling...
EUVD-2021-14414
Malware in sbrugna...
BIT-VAULT-2021-27668
HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3...
CVE-2021-27668
HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3...
HashiCorp Vault 访问控制错误漏洞
Hashicorp HashiCorp Vault is a private key access management tool from the US-based Hashicorp. An Access Control Error vulnerability exists in HashiCorp Vault Enterprise that stems from the product's lack of privilege validation when reading license metadata from DR secondaries. An attacker could...
PT-2021-17594 · Hashicorp · Hashicorp Vault Enterprise
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault Enterprise versions 0.9.2 through 1.6.2 Description: The issue allows the read of license metadata from DR secondaries without authentication. Recommendations: For HashiCorp Vault Enterprise versions 0.9.2 through 1.6.2, updat...