877 matches found
CVE-2026-55242 ERPNext: Server-Side Template Injection (SSTI) in Batch autonaming via Stock Settings.naming_series_prefix
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated user with a standard operational role can trigger server-side template injection through a configuration field, resulting in unauthorized disclosure of data outside the user's norm...
CVE-2026-55242 ERPNext: Server-Side Template Injection (SSTI) in Batch autonaming via Stock Settings.naming_series_prefix
ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.111.0 and 16.22.0, an authenticated user with a standard operational role can trigger server-side template injection through a configuration field, resulting in unauthorized disclosure of data outside the user's norm...
CVE-2026-55242
CVE-2026-55242 affects ERPNext prior to 15.111.0 and 16.22.0, where an authenticated user with a standard operational role can trigger a server-side template injection via a configuration field in Batch autonaming (Stock Settings.naming_series_prefix). This leads to unauthorized disclosure of dat...
CVE-2026-59888 jackson-databind: @JsonIgnore on a Record property is bypassed with a PropertyNamingStrategy
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.15.0 until 2.18.8, 2.21.4, and 3.1.4, Java Records using a PropertyNamingStrategy can bypass @JsonIgnore because POJOPropertiesCollector.removeUnwantedIgnorals records an...
CVE-2026-59888
The CVE-2026-59888 issue affects Jackson Databind (Java Records) where, from 2.15.0 through 2.18.8, 2.21.4, and 3.1.4, a PropertyNamingStrategy can cause a bypass of @JsonIgnore. This occurs because POJOPropertiesCollector._removeUnwantedIgnorals() records an ignored component under its original ...
PT-2026-58288
Name of the Vulnerable Software and Affected Versions jackson-databind versions 2.15.0 through 2.18.7 jackson-databind versions 2.21.0 through 2.21.3 jackson-databind versions 3.1.0 through 3.1.3 Description Java Records using a PropertyNamingStrategy can bypass the @JsonIgnore annotation. This...
SolarWinds Web Help Desk < 2026.1 - Unauthenticated JNDI Injection RCE
SolarWinds Web Help Desk before version 2026.1 contains an insecure deserialization vulnerability in the jabsorb JSON-RPC library. When chained with a CSRF whitelist bypass CVE-2025-40536, remote unauthenticated attackers can exploit JNDI injection via the Apache Xalan JNDIConnectionPool class to...
Malicious code in fury_frontend-andes-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29bea4f118854efa6568545722d7210a76e06e64cad4036e0cc0b45c45aafe37 The package's postinstall hook auto-executes index.js on npm install. The script collects the installer's OS username os.userInfo, current working...
apache-cxf: org.apache.cxf/cxf-integration-jca: Apache CXF: Arbitrary code execution via JNDI Injection
A flaw was found in Apache CXF's JCA integration module. This Java Naming and Directory Interface JNDI Injection vulnerability allows for arbitrary code execution. A remote attacker could exploit this by manipulating the Java EE Connector Architecture JCA deployment descriptor ra.xml or runtime...
PYSEC-2026-1569 LlamaIndex vulnerability in ArxivReader class can cause MD5 hash collisions
A vulnerability in the ArxivReader class of the run-llama/llamaindex repository allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from...
CVE-2026-55153 mchange-commons-java contains elements susceptible to abuse via JNDI injection and "deserialization gadgets"
mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory implementation com.mchange.v2.naming.JavaBeanObjectFactory will construct objects of arbitrary classes and initialize...
com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects
A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...
CVE-2026-53324
In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded "0" for PFs and pcislotnamepdev-slot for VFs. The previous approach had two issues: 1. pcislotname...
Linux Distros Unpatched Vulnerability : CVE-2026-53324
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded 0 for PFs and pcislotnamepdev-slot...
CVE-2026-53324
In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded "0" for PFs and pcislotnamepdev-slot for VFs. The previous approach had two issues: 1. pcislotname...
CVE-2026-53099
A flaw was found in the Linux kernel. The issue arises from an incorrect configuration option for Control-Flow Integrity CFI, a security mechanism designed to prevent certain types of attacks. Due to a naming change, the CFI code was not properly compiled, leading to its intended protections not...
CVE-2026-48818
A flaw was found in Starlette, a lightweight ASGI framework. On Windows systems, the StaticFiles component is vulnerable to Server-Side Request Forgery SSRF. A remote attacker can exploit this by providing a specially crafted Universal Naming Convention UNC path, which causes the system to initia...
ALSA-2026:26455 Important: 389-ds-base security, bug fix, and enhancement update
389 Directory Server is an LDAP version 3 LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol LDAP server and command-line utilities for server administration. Security Fixes: 389-ds-base: 389-ds-base: unbounded LDAP controls count in...
GHSA-WQP7-X3PW-XC5R Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows
Summary When serving static files on Windows, StaticFiles resolves the requested path with os.path.realpath. If a UNC path such as \attacker.com\share reaches the resolver, realpath causes the process to open a connection to the remote host over SMB port 445. This is a server-side request forgery...
GHSA-G628-R368-6VH7 GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection
Summary Administrator can perform JNDI attack through specially crafted DB2 jdbc url leading to Remote Code Execution RCE. Impact If GeoServer has DB2 extension installed, this vulnerability can lead to executing arbitrary code. Details Authenticated users can access Vector Data Sources page to...