393557 matches found
CVE-2026-63096
Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers ca...
CVE-2026-9588 Authenticated Stored Cross-Site Scripting (XSS) in Switchvox SMB Web Portal
A stored cross-site scripting XSS vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997 within the voicemail notification template functionality. The submitmodifyvoicemailtemplate endpoint fails to properly sanitize HTML content supplied by authenticated users, allowing malicious...
CVE-2026-9587 Authenticated Local File Inclusion (LFI) in Switchvox SMB Web Portal
An authenticated local file inclusion vulnerability exists in Sangoma Switchvox SMB Edition 8.3 104997. The playfile functionality accepts user-controlled input through the soundpath parameter and fails to properly validate file paths before accessing the underlying filesystem. By supplying...
CVE-2026-9585 Unauthenticated Reflected Cross-Site Scripting (XSS) in Switchvox SMB Web Portal
An unauthenticated reflected cross-site scripting XSS vulnerability exists in Sangoma Switchvox SMB Edition version 8.3 104997. The application fails to properly sanitize the portal parameter supplied to the invalidbrowser and invalidbrowserlogin handlers. User-supplied data is reflected into...
CVE-2026-63096 Dendrite 0.13.8 SSRF via Unauthenticated Legacy Media Download Endpoint
Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers ca...
CVE-2026-63096 Dendrite 0.13.8 SSRF via Unauthenticated Legacy Media Download Endpoint
Dendrite through 0.13.8 contains a server-side request forgery vulnerability that allows unauthenticated attackers to cause the server to open outbound TLS connections to arbitrary hosts and ports by supplying an unvalidated serverName parameter to the legacy media download endpoint. Attackers ca...
CVE-2026-63094
SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call the unauthenticated sessions context endpoint with...
CVE-2026-63094
SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call the unauthenticated sessions context endpoint with...
CVE-2026-63094 SigNoz 0.133.0 SSO OAuth State Manipulation Session Token Theft
SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call the unauthenticated sessions context endpoint with...
EUVD-2026-45177
SigNoz through 0.133.0 contains an open redirect vulnerability in the SSO authentication flow that allows unauthenticated attackers to steal session tokens from any user on instances configured with Google OAuth, SAML, or OIDC. Attackers can call the unauthenticated sessions context endpoint with...
Exploit for Use After Free in Linux Linux_Kernel
CVE-2026-43499 for realme RMX5200 CVE-2026-43499 local privil...
CVE-2026-59252
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...
EEF-CVE-2026-59252 Missing gas_limit validation in mpp Tempo fee-payer enables wallet drain
Summary Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer fee\payer: true, the MPP.Methods.Tempo...
CVE-2026-59252 Missing gas_limit validation in mpp Tempo fee-payer enables wallet drain
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...
CVE-2026-59252 Missing gas_limit validation in mpp Tempo fee-payer enables wallet drain
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...
EUVD-2026-45160
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...
CVE-2026-59252
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...
CVE-2026-59252
The CVE-2026-59252 entry describes a missing gas_limit validation in ZenHive mpp when configured as a fee payer (fee_payer: true). The MPP.Methods.Tempo payment method co-signs and broadcasts a client-supplied EVM transaction without ensuring the client-supplied gas_limit is sufficient, allowing ...
Security Bulletin: Multiple vulnerabilities in IBM Guardium Unified Discovery and Classification (GUDC) container images
Summary Security vulnerabilities have been addressed in the IBM Guardium Unified Discovery and Classification GUDC container images Vulnerability Details CVEID:CVE-2025-0167 DESCRIPTION: When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password use...
CVE-2026-15094
The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'checkindate' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrar...