2890 matches found
OpenMetaData - SpEL Injection in PUT /api/v1/policies
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...
CVE-2026-57230
creationtimestamp| type| source ---|---|--- 2026-07-11 02:32:26+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdmpgcqro2d...
CVE-2026-0275
creationtimestamp| type| source ---|---|--- 2026-07-10 00:15:09+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-0275...
CVE-2026-54004
creationtimestamp| type| source ---|---|--- 2026-07-09 21:14:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqakhwvc2726...
CVE-2026-14142 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-15108
creationtimestamp| type| source ---|---|--- 2026-07-09 04:45:05+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260709...
CVE-2026-15138
A security vulnerability has been detected in tumf mcp-text-editor up to 1.0.2. This issue affects the function validatefilepath of the file mcptexteditor/texteditor.py. Such manipulation of the argument filepath leads to path traversal. The attack can be launched remotely. The exploit has been...
CVE-2026-6371 Stored XSS in Limatek's LimRAD NAC
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Limatek System Inc. LimRAD NAC allows Stored XSS. This issue affects LimRAD NAC: through 08072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
CVE-2026-58583
creationtimestamp| type| source ---|---|--- 2026-07-07 23:35:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq3rfwfy5v2t...
CVE-2026-11855
CVE-2026-11855 affects the Simple Membership WordPress plugin prior to 4.7.5. The issue arises because Stripe webhook requests are not authenticated when no signing secret is configured, and a value taken from those requests is not escaped before being output in an administrator notice. This lead...
CVE-2026-11855
The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a value taken from them before outputting it in an administrator notice, allowing unauthenticated attackers to inject arbitrary web...
WordPress Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin <= 4.3.5 - Authenticated (Administrator+) SQL Injection vulnerability
Authenticated Administrator+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 4.3.5...
CVE-2026-31583
creationtimestamp| type| source ---|---|--- 2026-07-02 05:48:33+00:00| seen| https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities20260702 2026-07-06 05:50:35+00:00| seen| https://www.hkcert.org/security-bulletin/debian-linux-kernel-multiple-vulnerabilities20260706...
CVE-2026-8857
A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...
CVE-2026-53207
creationtimestamp| type| source ---|---|--- 2026-07-01 02:48:30+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0812 2026-07-03 16:55:51+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqza2354i23 2026-07-06 06:50:39+00:00| seen|...
MINI-W57R-8XRH-4J79
Bulletin has no description...
PT-2026-53654
Name of the Vulnerable Software and Affected Versions Gigamon GVOS versions prior to 5.16.2 Description The GVOS H-VUE subsystem contains a directory traversal flaw, which allows an attacker to access files and directories outside the intended folder. Recommendations Update Gigamon GVOS to versio...
CVE-2026-57636
creationtimestamp| type| source ---|---|--- 2026-06-26 17:24:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp7hk7hsot2p 2026-06-30 09:17:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mpio6yxn6w2v...
DEBIAN-CVE-2026-53043
In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: validate qrnumregions in dlmmatchregions Patch series "ocfs2/dlm: fix two bugs in dlmmatchregions". In dlmmatchregions, the qrnumregions field from a DLMQUERYREGION network message is used to drive loops over the...
MINI-Q58C-458R-FF7M
Bulletin has no description...