21545 matches found
CVE-2026-34327
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network...
CGA-V5R8-HQ9W-74FR
Bulletin has no description...
CVE-2026-44365
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-34429. Reason: This candidate is a duplicate of CVE-2026-34429. Notes: All CVE users should reference CVE-2026-34429 instead of this candidate...
CVE-2026-34327
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-43585
OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthoriz...
GHSA-R736-2678-FCRX FacturaScripts vulnerable to stored XSS via product reference in sales/purchases
Summary: A stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales and purchases documents. An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other use...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the referencia field in the product creation process. An attacker can execute arbitrary JavaScript in the browser of another authenticated user by injecting a crafted value into the referencia field, which i...
FacturaScripts vulnerable to stored XSS via product reference in sales/purchases
Summary: A stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales and purchases documents. An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other use...
CVE-2026-44243
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...
DEBIAN-CVE-2026-44243
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...
ECHO-A2CB-9FEB-100C From https://github.com/nltk/nltk/pull/3468 (merge commit 1056b32).
Bulletin has no description...
CVE-2026-44243
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...
CVE-2026-44243 GitPython: Path traversal in GitPython reference APIs allows arbitrary file write and delete outside the repository
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...
CVE-2026-44243
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory...
CVE-2026-44243
GitPython (Python library for interacting with Git repositories) contains a path-traversal vulnerability in its reference APIs. Before version 3.1.48, attacker-controlled reference names can be used to cause writes, renames, or deletions of files outside the repository’s .git directory due to ins...
MINI-MQC4-M8MW-FVM4
Bulletin has no description...
MINI-XFCG-585V-RMXM
Bulletin has no description...
CVE-2026-33587
creationtimestamp | type | source
---|---|---
2026-05-07 14:27:42+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlbgenzhu22n
2026-05-07 21:53:33+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mlc7bvidfi2g...
Microsoft Partner Center Spoofing Vulnerability
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network...
ECHO-10F7-6099-CD97
Bulletin has no description...