CVE-2026-9083
A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...
CVE-2026-54030
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate that the resource parameter from OAuth Protected Resource metadata (RFC 9728) matches the configured MCP server URL, allowing a malicious MCP server to...
CVE-2026-9083 Keycloak: keycloak: information disclosure through arbitrary filesystem path probing
A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...
EUVD-2026-39476
A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...
CVE-2026-9083
CVE-2026-9083 (Keycloak): A flaw allows a realm administrator with the manage-realm role to submit an arbitrary filesystem path as a keystore parameter when creating a key provider component, enabling probing of arbitrary filesystem paths and disclosure of files readable by the Keycloak process....
CVE-2026-9800 Keycloak: keycloak policy enforcer: authorization bypass via incorrect uri comparison
A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path...
CVE-2026-45233 HTMLy CMS 3.1.1 Path Traversal via oldfile Parameter in Autosave
HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences...
EUVD-2026-39459
HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences...
CVE-2026-45233
The CVE details a path traversal in HTMLy CMS (up to version 3.1.1) where an authenticated, low-privilege user can relocate arbitrary files via the admin autosave endpoint. The root cause is unsanitized directory traversal sequences passed to file_exists() and rename() in admin.php without canoni...
CVE-2026-54030
CVE-2026-54030 affects LibreChat prior to version 0.8.5. The MCP OAuth implementation does not validate that the resource parameter from OAuth Protected Resource metadata (RFC 9728) matches the configured MCP server URL, enabling a malicious MCP server to steal access tokens intended for a legiti...
EUVD-2026-39443
The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...
CVE-2026-48941 Joomla Extension - getk2.com - Unauthenticated folder delete in K2 extension for Joomla < 2.26
The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...
CVE-2026-12755
Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...
EUVD-2026-39386
Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...
CVE-2026-53225
The CVE-2026-53225 issue affects the Linux kernel SCTP path: __sctp_rcv_asconf_lookup() in net/sctp/input.c may read uninitialized memory when a truncated IPv6 address parameter is declared in an ASCONF chunk. An unauthenticated peer could trigger reads of up to 16 bytes past the parameter if the...
EUVD-2026-39316
In the Linux kernel, the following vulnerability has been resolved: sctp: fix uninit-value in __sctp_rcv_asconf_lookup. __sctp_rcv_asconf_lookup() in net/sctp/input.c only checks that the ASCONF chunk can hold the ADDIP header and a parameter header, then calls af->from_addr_param(), which reads the full address 1...
CVE-2026-12937
The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'post_id' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficie...
CVE-2026-12937
CVE-2026-12937 concerns the Tourfic WordPress plugin (versions ≤ 2.22.7). The issue is a generic SQL Injection via the post_id parameter caused by insufficient escaping and lack of prepared statements in the vulnerable SQL path. The vulnerability is exploitable by unauthenticated users, who can a...
CVE-2026-12937 Tourfic <= 2.22.7 - Unauthenticated SQL Injection via 'post_id' Parameter
The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'post_id' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficie...