327 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: afs: Fixed the failure condition due to the merge preference rule syzbot reported a lock that remained held when returning to user space1. This occurs because if argc is less than 0 and the function returns directly, the held...
Admidio 跨站请求伪造漏洞
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a cross-site request forgeing vulnerability. This...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the updateUserPreference process. An attacker can alter restricted financial attributes by sending crafted API requests to modify their own hourlyrat...
Apache Tomcat: Configured cipher preference order not preserved
Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue...
CVE-2026-34769
A flaw was found in Electron, a framework for building desktop applications. This vulnerability arises from an undocumented commandLineSwitches webPreference that allows arbitrary command-line switches to be appended to the renderer process. A remote attacker could exploit this by providing...
CVE-2026-34769 Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Ap...
EUVD-2026-18937
Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference...
Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference
Impact An undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Apps that construct webPreferences by spreading untrusted configuration objects may inadvertently allow an attacker to inject switches that disable renderer...
KLA90974 Multiple vulnerabilities in Apache Tomcat
Multiple vulnerabilities were found in Apache Tomcat. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Configured cipher preference order not preserved...
EUVD-2026-13341
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have two authorization issues in the chat direct message API. First, when creating a direct message channel or adding users to an existing one, the targetgroups parameter was passed direct...
CVE-2026-33410
Summary: CVE-2026-33410 affects Discourse before patches 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. There are two authorization issues in the chat direct message API. First, during direct message channel creation or when adding users, the target_groups parameter is passed directly to the user res...
MAL-2026-1859 Malicious code in stylelint-preference (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bcab12465d2562c808eb72d7be466706aa9f7074bcbb6f7a56744484ecfe7d9 The package stylelint-preference was found to contain malicious code...
Malicious code in stylelint-preference (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9bcab12465d2562c808eb72d7be466706aa9f7074bcbb6f7a56744484ecfe7d9 The package stylelint-preference was found to contain malicious code...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the color mode preference process. An attacker can execute arbitrary JavaScript in the context of a higher-privileged user by injecting malicious scripts that trigger when the targeted user impersonates the...
CVE-2026-32612
Statamic is a Laravel and Git powered content management system CMS. Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user impersonates their account. Th...
SUSE CVE-2026-0997
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...
WordPress Paytium: Mollie payment forms & donations plugin <= 4.3.7 - Missing Authorization in 'update_profile_preference' vulnerability
Missing Authorization in 'updateprofilepreference' vulnerability discovered by WordFence in WordPress Plugin Paytium versions = 4.3.7...
Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...
EUVD-2026-6099
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...
GHSA-2PHX-FRHF-XR55 Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 and Mattermost Plugin Zoom versions =1.11.0 fail to validate the authenticated user when processing /plugins/zoom/api/v1/channel-preference, which allows any logged-in user to change Zoom meeting restrictions for arbitrary...