Kibana Fleet 8.19.16, 9.3.5, and 9.4.2 Security Update (ESA-2026-38)
Improper Input Validation in Kibana Fleet Leading to Privilege Escalation. Improper Input Validation (CWE-20) in the Kibana Fleet agent policy management feature can lead to privilege escalation. An authenticated user with Fleet management privileges can manipulate agent policy configuration by...
CVE-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)
Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana, which could allow an attacker to read arbitrary files from the Kibana server filesystem and perform Server-Side Request Forgery (SSRF) via Code Injection (CAPEC-242). This requires an...
CVE-2025-54856
Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit ContentData page...
CVE-2025-54856
Movable Type is affected by a stored XSS in Edit ContentData (CVE-2025-54856). Exploitation requires input stored by a user with ContentType Management privileges, leading to script execution in the browser of users who access the Edit ContentData page. The issue is confirmed in multiple advisori...
EUVD-2018-19663
Malware in sbrugna...
EUVD-2018-19662
Malware in sbrugna...
EUVD-2018-19615
Malware in sbrugna...
EUVD-2018-19614
Malware in sbrugna...
EUVD-2018-19616
Malware in sbrugna...
EUVD-2025-14376
Malicious code in bioql PyPI...
EUVD-2021-7156
Malicious code in bioql PyPI...
EUVD-2022-38142
Malicious code in bioql PyPI...
EUVD-2023-51932
Malicious code in bioql PyPI...
EUVD-2023-46413
Malicious code in bioql PyPI...
EUVD-2024-36908
Malicious code in bioql PyPI...
CVE-2023-32696
CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the ckan user equivalent to www-data owned code and configuration files in the docker container and the ckan user had the permissions to use sudo. These issues allowed for co...
sudo security update
CentOS Errata and Security Advisory CESA-2019:3197. An update for sudo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Authentication flaw
An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version <= r1.7.9. An attacker can bypass authentication without modifying device file and gain web page management privilege...
CVE-2019-15069
CVE-2019-15069 affects Smart Battery A4 via an unsafe authentication interface in firmware versions up to r1.7.9. An attacker can bypass authentication and obtain web page management privileges without modifying device files. The CVE is corroborated by multiple sources in the connected set (NVD e...
CVE-2018-7950
The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers has a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of the administrator. Successful exploit may allow attackers to...