CVE-2026-6245
A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the query plugin. An attacker can gain unauthorized access to resources belonging to other organizations by executing VQL queries with their current ACL token, thereby inheriting their permissions across...
CVE-2026-6383
A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom roles to gain unauthorized access to subresources,...
CVE-2026-33214
Weblate CVE-2026-33214 affects Weblate versions before 5.17 where the translation memory API exposed unintended endpoints and did not enforce proper access control. The underlying issue is improper access control in the memory API, potentially allowing unauthorized access to memory-related functi...
CVE-2026-2332
A flaw was found in Eclipse Jetty. The HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used. An attacker can inject crafted requests to manipulate and trick the parser. This issue can lead to security controls bypass, cache poisoning or unauthorized endpoint access...
EUVD-2026-22947
HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability...
CVE-2026-4667
HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability...
firefox: thunderbird: Mitigation bypass in the Networking: HTTP component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...
CVE-2026-33018
A flaw was found in libsixel, a SIXEL encoder/decoder implementation. This Use-After-Free vulnerability occurs when processing specially crafted animated Graphics Interchange Format (GIF) files. A remote attacker could exploit this by providing a malicious multi-frame GIF, causing the application t...
PT-2026-34215
Name of the Vulnerable Software and Affected Versions: OAuth2 Proxy versions 7.5.0 through 7.15.1. Description: A configuration-dependent authentication bypass exists when the software is deployed using skip auth routes or the legacy skip auth regex with patterns that can be widened by...
PT-2026-33074
CVE-2026-4667 HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability. https://t.co/9Kio2KYPAa...
Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0
Summary: An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. Impact: An authenticated user with view-only privileges for the Threat Intelligence functionality ca...
SUSE CVE-2026-4786
Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action", the mitigation could be bypassed for certain browser types, and the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...
CVE-2026-35031
Jellyfin is an open source self-hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/{itemId}/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...