7454 matches found
CVE-2026-32642
A flaw was found in Apache Artemis and Apache ActiveMQ Artemis. An authenticated user can exploit this incorrect authorization vulnerability by attempting to create a non-durable Java Message Service JMS topic subscription on an address that does not exist. If the user has "createDurableQueue"...
Incorrect Authorization
Overview org.apache.activemq:artemis-openwire-protocol is a package for activemq. Affected versions of this package are vulnerable to Incorrect Authorization in the OpenWire protocol when an authenticated user with the createDurableQueue permission but without the createAddress permission attempt...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the OpenWire protocol when an authenticated user with the createDurableQueue permission but without the createAddress permission attempts to create a non-durable JMS topic subscription on a non-existent addres...
CVE-2026-32642
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...
Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2025-9086 DESCRIPTION: 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same...
CVE-2026-4617
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/apipatientcheckin.php of the component Patient Check-In Module. Executing a manipulation can lead to improper authorization. It i...
CVE-2026-4617
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/apipatientcheckin.php of the component Patient Check-In Module. Executing a manipulation can lead to improper authorization. It i...
CVE-2026-4617
The CVE-2026-4617 entry concerns SourceCodester Patients Waiting Area Queue Management System 1.0. The vulnerability affects the Patient Check-In Module, specifically the ValidateToken function in /php/api_patient_checkin.php. A manipulated token can cause improper authorization, and exploitation...
PT-2026-27284
Name of the Vulnerable Software and Affected Versions SourceCodester Patients Waiting Area Queue Management System version 1.0 Description A flaw exists in the Patient Check-In Module of the software, specifically within the ValidateToken function located in the /php/api patient checkin.php file...
Discourse Information Disclosure Vulnerability (CNVD-2026-17271)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an information disclosure vulnerability that originates when the ipaddress of a tagged user is exposed to any user...
Siemens SIMATIC S7-1500 Improper Input Validation(CVE-2025-38457)
In the Linux kernel, the following vulnerability has been resolved: net/sched: Abort tcmodifyqdisc if parent class does not exist Lion's patch 1 revealed an ancient bug in the qdisc API. Whenever a user creates/modifies a qdisc specifying as a parent another qdisc, the qdisc API will, during...
Siemens SIMATIC S7-1500 NULL Pointer Dereference (CVE-2025-38468)
"In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htblookupleaf encounters an empty rbtree htblookupleaf has a BUGON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default 1 tc class add dev lo...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.25 contained security vulnerabilities. These vulnerabilities stemmed from access control issues in signal reaction notification processing, which could allow unauthorized sender...
CVE-2026-33422
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ipaddress of a flagged user is exposed to any user who can access the review queue, including users who should not be able to see IP addresses. Versions 2026.3.0-latest.1, 2026.2.1, a...
CVE-2026-33422 Discourse exposes ip_address of flagged user
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ipaddress of a flagged user is exposed to any user who can access the review queue, including users who should not be able to see IP addresses. Versions 2026.3.0-latest.1, 2026.2.1, a...
CVE-2026-33422 Discourse exposes ip_address of flagged user
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ipaddress of a flagged user is exposed to any user who can access the review queue, including users who should not be able to see IP addresses. Versions 2026.3.0-latest.1, 2026.2.1, a...
CVE-2026-33422
Discourse (open‑source discussion platform) has a vulnerability where the ip_address of a flagged user is exposed to any user who can access the review queue prior to patches. Affected versions are 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. The issue is mitigated by the patches in those versions;...
CVE-2026-33422 Discourse exposes ip_address of flagged user
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ipaddress of a flagged user is exposed to any user who can access the review queue, including users who should not be able to see IP addresses. Versions 2026.3.0-latest.1, 2026.2.1, a...
EUVD-2026-13900
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ipaddress of a flagged user is exposed to any user who can access the review queue, including users who should not be able to see IP addresses. Versions 2026.3.0-latest.1, 2026.2.1, a...
CVE-2026-33422
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ipaddress of a flagged user is exposed to any user who can access the review queue, including users who should not be able to see IP addresses. Versions 2026.3.0-latest.1, 2026.2.1, a...