18274 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-55213
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK...
CVE-2026-56336
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal orgid and providerid values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers...
CVE-2026-56313
Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint. Attackers with org.update_settings permission and an active SSO provider can call the prelink-users endpoint to permanently remove email-based authentication for any user matching the...
CVE-2026-56313 Capgo - Cross-Organization Account Disruption via SSO Prelink Endpoint
Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.updatesettings permission and an active SSO provider can call...
CVE-2026-56336 Capgo - Information Disclosure via Unauthenticated SSO check-domain Endpoint
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal orgid and providerid values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers...
CVE-2026-56313 Capgo - Cross-Organization Account Disruption via SSO Prelink Endpoint
Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreign organizations. Attackers with org.updatesettings permission and an active SSO provider can call...
Chromium: CVE-2026-14128 Insufficient data validation in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-13916 Inappropriate implementation in Chrome for iOS
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
GHSA-6W3M-4HHP-775Q vulnerabilities
Vulnerabilities for packages: keda-http-add-on, keda-http-add-on-fips...
CVE-2026-55213
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...
CVE-2026-55213 h2o: musl libc stack overflow (QPACK)
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...
CVE-2026-57807 WordPress OAuth Single Sign On - SSO (OAuth Client) plugin <= 38.5.8 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO OAuth Client allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO OAuth Client: from n/a through 38.5.8...
CVE-2026-57807
The CVE-2026-57807 entry concerns miniOrange OAuth Single Sign On - SSO (OAuth Client) for WordPress, affected through version 38.5.8. The vulnerability is an Authentication Bypass via an alternate path or channel (broken authentication), enabling Password Recovery Exploitation. No exploitation d...
EUVD-2026-43028
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO OAuth Client allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO OAuth Client: from n/a through 38.5.8...
CVE-2026-54088
creationtimestamp| type| source ---|---|--- 2026-07-10 20:16:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqcxokhktk2v 2026-07-10 20:35:07+00:00| published-proof-of-concept| https://github.com/filebrowser/filebrowser/security/advisories/GHSA-m93h-4hw7-5qcm 2026-07-11...
CVE-2026-59162 Excelize: Negative shared-string index causes panic in GetCellValue and GetRows
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2026-31771: Bluetooth: Ignore HCIERRORCANCELLEDBYHOST on adv set terminated event bsc1264145. CVE-2026-43038: ipv6: icmp: clear skb2-cb in ip6errgenicmpv6unreach...
SUSE-SU-2026:2839-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished delayed work bsc1255416. - CVE-2026-43198: tcp: fix potential race in tcpv6synrecvsock bsc1264610. ...
EUVD-2026-42780
A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function onpost of the file myems-api/core/svg.py of the component Admin Backend. The manipulation of the argument newvalues'data' results in cross site scripting. The attack can be launched remotely. The exploit has been...
CVE-2026-15321
CVE-2026-15321 (MyEMS Admin Backend) affects myems-api/core/svg.py, function on_post, in MyEMS