13 matches found
jellyfin -- multiple vulnerabilities
The Jellyfin project reports: Jellyfin Server 10.11.10 fixes three security vulnerabilities: GHSA-f47c-m7gr-q92j: details pending disclosure GHSA-jg92-mrxq-vv75: details pending disclosure GHSA-wwwm-px48-fpvq: details pending disclosure...
CVE-2026-45393 Local privilege escalation to SYSTEM in Cribl Edge for Windows
A vulnerability chain in Cribl Edge for Windows before 4.17.1 allows a local authenticated user to escalate privileges to NT AUTHORITY\SYSTEM. Incorrect default permissions on the Windows installer's authentication directory CWE-276 expose a cryptographic secret used for JWT signing and...
PT-2026-35817
Name of the Vulnerable Software and Affected Versions django-s3file versions prior to 7.0.2 Description S3FileMiddleware is susceptible to relative path traversal, allowing an attacker to use a modified request to escape pre-signed upload locations. This enables the Django application to load fil...
CVE-2023-44988
CVE-2023-44988 affects the WordPress plugin WP Custom Admin Interface (versions
CVE-2023-30443
CVE-2023-30443 affects IBM Db2 for Linux/ UNIX/ Windows (incl. Db2 Connect Server) on 10.5, 11.1, and 11.5, with denial of service caused by a specially crafted query. Connected sources consistently describe multiple variants of the same vulnerability across IBM Db2 components and related Cloud P...
CVE-2023-48280
CVE-2023-48280 affects the WordPress plugin Consensu.io (
CVE-2024-24704
CVE-2024-24704 is a Broken Access Control (Missing Authorization) vulnerability in Load More Anything for WordPress (
CVE-2024-26320
CVE-2024-26320 is linked to a vulnerability in ownCloud prior to 10.13.3, described in OpenVAS as an improper input validation issue. The connected advisories indicate related problems including a Denial of Service in the Comments API and potential authentication bypass; remediation is available ...
CAN-2005-0100
The connected documents tie CVE-2005-0100 to Emacs across multiple advisories (Debian DSA-671-1, SLES9 Emacs update, Gentoo GLSA 200502-20, FreeBSD ports, Gentoo/Debian entries in OpenVAS). They provide CVSS context (base 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P) in OpenVAS entries, and mention upd...
CAN-2005-2960
The CVE CVE-2005-2960 is linked to cfengine and arises from insecure temporary-file handling that allows a local attacker to perform a symlink attack to overwrite files owned by the cfengine user (likely root). Connected documents describe vulnerable cfengine versions (e.g., cfengine <= 1.6.5 ...
CVE-2023-7217
The CVE-2023-7217 entry is supported by connected data indicating an integer overflow in libebml.so caused by improper validation of input sizes, which can lead to a crash. Affected component: libebml.so (EBML library). No explicit versions, products, exploit details, or remediation are provided ...
kobtanakorn.com Improper Access Control vulnerability OBB-3802770
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2020-17455
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...