CVE-2026-11820

Module: plugins/modules/nexmo.py CVSS 3.1: 6.5 MEDIUM — AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: apikey and apisecret are declared nolog=True at the input level, but both credentials are immediately URL-encoded into a GET request as query parameters, bypassing all nolog protection. Vulnerable...

PT-2026-47450

Name of the Vulnerable Software and Affected Versions WACRM versions prior to commit 73041bf Description An authorization bypass exists in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants. By providing an arbitrary contact id in th...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : AIOHTTP vulnerabilities (USN-8032-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8032-1 advisory. Charles Chan discovered that AIOHTTP incorrectly handled the decompression of compressed requests. A remote...

PT-2025-48995

Name of the Vulnerable Software and Affected Versions eyoucms version 1.7.1 Description The software is susceptible to an XML External Entity XXE injection. A remote attacker can exploit this by sending a specially crafted POST request body, potentially leading to a denial of service...

CVE-2019-14276

WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body...