ROS-20260605-73-0027

The vulnerability in Tomcat11 is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

ROS-20260605-73-0060

The vulnerability of the Layout component: Texts and fonts in Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to the use of memory after it is released. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility o...

ROS-20260605-73-0104

The vulnerability of the NSS component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected informatio...

ROS-20260605-73-0001

The vulnerability of the Grafana monitoring and observation platform is related to the disclosure of information. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

ROS-20260529-73-0009

The vulnerability in Portainer-Ce is related to deficiencies in the authentication process. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVE-2026-5434

...

Next.js Framework 12.2.x < 15.5.16 / 16.x < 16.2.5 Information Disclosure

The Next.js Framework on the remote host is affected by an information disclosure vulnerability: - Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less /next/data//.json requests...

ROS-20260515-73-0011

A vulnerability in the correlation function of the Grafana monitoring and surveillance platform is related to insufficient access controls. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information...

CVE-2026-44573

Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less...

CVE-2026-44573

CVE-2026-44573 affects Next.js (Pages Router with i18n). From 12.2.0 up to but not including 15.5.16 and 16.2.5, middleware/proxy-based authorization can be bypassed for locale-less /_next/data//.json requests, allowing retrieval of SSR JSON for protected pages without authorization checks. The u...

CVE-2026-44573 Next.js: Middleware / Proxy bypass in Pages Router applications using i18n

Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less...

CVE-2026-44573 Next.js: Middleware / Proxy bypass in Pages Router applications using i18n

Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, Applications using the Pages Router with i18n configured and middleware/proxy-based authorization can allow unauthorized access to protected page data through locale-less...

CVE-2026-43652

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data...

CVE-2025-9987

The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the getsponsoredmeta AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protect...

ROS-20260512-73-0022

A vulnerability in the Core component of the Oracle VM VirtualBox virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to gain access to read, modify, or delete protected information...

ROS-20260512-73-0021

A vulnerability in the Core component of the Oracle VM VirtualBox virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to gain access to read, modify, or delete protected information...

CVE-2026-28930

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data...

CVE-2026-43652

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data...

CVE-2026-43652

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data...

CVE-2026-28930

CVE-2026-28930 affects macOS Tahoe; a permissions issue allowed an app to access protected user data. The RedHat/NCSC/EUVD/NVD/Nessus entries and related feeds confirm the root cause as a permissions restriction, with the resolution being the macOS Tahoe 26.5 security update that applies addition...