126393 matches found
K000160725: Apache Solr vulnerability CVE-2026-22022
Security Advisory Description Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet al...
K000160726: Apache Ranger vulnerability CVE-2025-59059
Security Advisory Description Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue. CVE-2025-59059 Impact There is no impact; F5 products are not affected by this...
sigma-audit
Sigma Stack Audit Full-spectrum security audit combining five...
Exploit for Missing Authentication for Critical Function in Flowiseai Flowise
Flowise Dual CVE PoC — CVE-2025-58434 + CVE-2025-59528 !CVE-...
[SECURITY] Fedora 43 Update: libpng-1.6.56-1.fc43
The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files. PNG is a bit-mapped graphics format similar to the GIF format. PNG was created to replace the GIF format, since GIF uses a patented data compression algorithm. Libpng...
K000160722: Linux kernel vulnerability CVE-2026-23324
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: can: usb: etases58x: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it needs to be anchored before submitting it otherwise it could be...
K000160721: libxslt vulnerability CVE-2025-11731
Security Advisory Description A flaw was found in the exsltFuncResultComp function of libxslt, which handles EXSLT elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can...
Hardware-Efficient Compound IC Protection with Lightweight Cryptography
Over the years, many techniques have been introduced to protect integrated circuits ICs from hardware security threats that emerged in the globalized IC manufacturing supply chain, such as overproduction and piracy. However, most of these techniques have been rendered inefficient since they do no...
Linux Distros Unpatched Vulnerability : CVE-2026-40447
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.This issue affects Escargot:...
📄 Redaxo 5.20.1 Path Traversal
Redaxo versions 5.20.1 and below suffer from a path traversal vulnerability. CVE-2026-21857: Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read Overview | Field | Details | |---|---| | CVE ID | CVE-2026-21857 | | Severity | HIGH | | Advisory | View Advisory | | Discovered by...
PT-2026-32505
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.num validators...
📄 WBCE CMS Privilege Escalation / Insecure Direct Object Reference
WBCE CMS versions prior to 1.6.4 suffers from insecure direct object reference and privilege escalation vulnerabilities. CVE-2025-65094: WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation IDOR Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65094 | | Severity | HI...
📄 EGroupware SQL Injection
EGroupware versions prior to 23.1.20260113 and greater than or equal to 26.0.20251208 but less than 26.0.20260113 are affected by a remote SQL injection vulnerability in the Nextmatch filter processing. CVE-2026-22243: EGroupware has SQL Injection in Nextmatch Filter Processing Overview | Field |...
SUSE: Security Advisory (SUSE-SU-2026:20984-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2026-34477
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the...
📄 FacturaScripts SQL Injection
FacturaScripts versions prior to 2025.81 suffer from a remote SQL injection vulnerability in the Autocomplete Actions functionality. CVE-2026-25514: FacturaScripts has SQL Injection in Autocomplete Actions Overview | Field | Details | |---|---| | CVE ID | CVE-2026-25514 | | Severity | HIGH | |...
📄 FacturaScripts SQL Injection
FacturaScripts versions prior to 2025.81 suffer from a remote SQL injection vulnerability in the API ORDER BY clause. CVE-2026-25513: FacturaScripts has SQL Injection in API ORDER BY Clause Overview | Field | Details | |---|---| | CVE ID | CVE-2026-25513 | | Severity | HIGH | | Advisory | View...
📄 OpenSTAManager 2.9.8 SQL Injection
OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Stampe module. CVE-2025-69215: OpenSTAManager has an SQL Injection in the Stampe Module Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69215 | | Severity | HIGH | | Advisory | View Advisory...
patchbot
patchbot patchbot is an AI-assisted security reviewer for p...
[SECURITY] Fedora 42 Update: trafficserver-10.1.2-1.fc42
Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...