40671 matches found
CVE-2026-56087
Dell ThinOS 10, versions prior to 260510.2100 contain a Protection Mechanism Failure vulnerability. An attacker with physical access could potentially exploit this vulnerability, leading to unauthorized access to encrypted data...
EUVD-2026-44741
Dell ThinOS 10, versions prior to 260510.2100 contain a Protection Mechanism Failure vulnerability. An attacker with physical access could potentially exploit this vulnerability, leading to unauthorized access to encrypted data...
CVE-2026-56087
Dell ThinOS 10 is affected in all versions prior to 2605_10.2100. The vulnerability is a Protection Mechanism Failure that could allow an attacker with physical access to bypass protections and gain unauthorized access to encrypted data. Impact is supported by the CVSS data indicating high confid...
EUVD-2026-44751
PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...
CVE-2026-61740 LightRAG: Authentication bypass: hardcoded DEFAULT_TOKEN_SECRET and public /auth-status defeat LIGHTRAG_API_KEY protection
LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, when LightRAG is deployed with LIGHTRAGAPIKEY set but AUTHACCOUNTS unset, X-API-Key protection can be bypassed because lightrag/api/auth.py falls back to a hardcoded DEFAULTTOKENSECRET, /auth-status and /login can...
CVE-2026-61740
LightRAG vulnerability CVE-2026-61740 affects LightRAG prior to v1.5.4. When LIGHTRAG_API_KEY is set but AUTH_ACCOUNTS is unset, authentication protection can be bypassed: lightrag/api/auth.py falls back to a hardcoded DEFAULT_TOKEN_SECRET, /auth-status and /login can mint guest JWTs, and combine...
Grafana <= 6.7.1 - Cross-Site Scripting
Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot...
WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection
WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL...
Arcserve Unified Data Protection - Authentication Bypass
An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin function within wizardLogin. id: CVE-2024-0799 info: name: Arcserve Unified Data Protection -...
CVE-2026-48295
CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction...
CVE-2026-50646
Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally...
CVE-2026-47305
Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally...
CVE-2026-45075
Summary : Symfony's GET-only method checks in #[IsGranted], #[IsSignatureValid], and #[IsCsrfTokenValid] can be bypassed by HEAD requests, causing header leakage and potential side effects as HEAD is routed to the GET handler. This affects Symfony framework versions prior to 7.4.12 and 8.0.12. Im...
CVE-2026-34348
Protection mechanism failure in Windows Event Logging Service allows an authorized attacker to disclose information over a network...
CVE-2026-34348
CVE-2026-34348 affects the Windows Event Logging Service. The issue is a protection mechanism failure that can allow an authorized attacker to disclose information over a network. According to the available records, the exploit surface is network-based with low privileges required and no user int...
CVE-2026-10669 Xtensa MPU `arch_buffer_validate()` integer-overflow lets a user thread bypass syscall pointer validation
On Xtensa SoCs built with CONFIGXTENSAMPU and CONFIGUSERSPACE, archbuffervalidate in arch/xtensa/core/mpu.c — the architecture hook that verifies a user-mode-supplied buffer is accessible to the calling user thread with the requested permission — defaulted its return value to 0 access permitted a...
CVE-2026-10669
Summary (CVE-2026-10669) : On Xtensa SoCs with CONFIG_XTENSA_MPU and CONFIG_USERSPACE, arch_buffer_validate() erroneously permits access when the buffer size rounds to a wrap of the 32-bit address space, bypassing MPU checks. This can let an unprivileged user-thread validate or copy memory it sho...
Visual Studio Remote Code Execution Vulnerability
Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally...
.NET Framework Remote Code Execution Vulnerability
Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally...
SUSE-SU-2026:2968-1 Security update for python-Authlib
This update for python-Authlib fixes the following issues - CVE-2026-41425: Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth bsc1263114. - CVE-2026-44681: Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's...