617 matches found
EUVD-2026-43167
The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE...
PT-2026-57426
Name of the Vulnerable Software and Affected Versions Phoca Downloads affected versions not specified Description An authenticated arbitrary file upload issue exists in the Phoca Downloads extension. This flaw allows registered users to upload executable files, which can lead to remote code...
CVE-2026-53319
A flaw was found in the Linux kernel's block writeback throttling blk-wbt component. The wbtinitenabledefault function used a warning mechanism WARNONONCE for expected failure paths during memory allocation or if writeback throttling was already registered. This could lead to spurious warnings, b...
CVE-2026-53947
Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possible for an unauthenticated attacker to determine whether a given email address belongs to a registered member of a Ghost site. This vulnerability is...
CVE-2026-52979
In the Linux kernel, the following vulnerability has been resolved: net: psp: check for device unregister when creating assoc pspassocdevicegetlocked obtains a pspdev reference via pspdevgetforsock which uses pspdevtryget under RCU; it then acquires psd-lock and drops the reference. Before the lo...
CVE-2026-52979
In the Linux kernel, the following vulnerability has been resolved: net: psp: check for device unregister when creating assoc pspassocdevicegetlocked obtains a pspdev reference via pspdevgetforsock which uses pspdevtryget under RCU; it then acquires psd-lock and drops the reference. Before the lo...
GHSA-3W28-36P9-W929 Gogs's Unauthenticated Jupyter Notebook (ipynb) Sanitizer allows arbitrary data: URIs leading to XSS
Summary The Jupyter Notebook ipynb sanitizer endpoint at POST /-/api/sanitizeipynb allows arbitrary data: URIs without proper restrictions, potentially leading to Cross-Site Scripting XSS. The endpoint uses bluemonday.UGCPolicy with p.AllowURLSchemes"data" which permits all data URI schemes...
CVE-2026-48166 Filament: Timing-based user enumeration on login page
Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to disclosing whether ...
CVE-2026-56081
Cap-go before 12.128.2 contains an authentication logic flaw allowing an attacker to register and take control of an account bound to a victim’s unverified email. By enabling two-factor authentication on the pre-registered account, the attacker can read and modify the account’s state and enforce ...
CVE-2026-54224
UBB.threads is vulnerable to Denial of Service DoS. By sending multiple concurrent requests to view any user profile on instances with many registered users, an authenticated attacker can easily exhaust database resources and completely deny access to the application for other users. Because vend...
GHSA-VMF9-XX9W-86WX PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered tools
PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered tools Summary praisonaiagents.mcp.ToolsMCPServer.runsse builds a Starlette MCP HTTP+SSE server around mcp.server.sse.SseServerTransport. The server exposes /sse and /messages/, but it does not valida...
GHSA-JQ35-7PRP-9V3F PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys
!NOTE Scored assuming a deployment where algorithm policy functions as an authentication/authorization boundary. In deployments where the algorithm policy enforces crypto agility only, the practical confidentiality impact is lower and the issue is closer to an integrity-of-policy-enforcement bug...
CVE-2026-6046 Plugin bot username conflict allows user account to be used as bot identity in Mattermost Server
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allows an unprivileged attacker to intercept private messages sent by plugins via direct message channels ...
PYSEC-2026-176
PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...
PT-2026-43349
Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...
SocuSoft DVD Photo Slideshow Professional 安全漏洞
SocuSoft DVD Photo Slideshow Professional is an electronic photo album creation software from SocuSoft. A security vulnerability exists in SocuSoft DVD Photo Slideshow Professional version 8.07, which stems from a stack-based buffer overflow in the registered name field that could allow a local...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iouring/afunix: Defer the garbage collection of registered files to iouring’s responsibility. Instead of having unixgc handle the registered files of iouring, we want iouring to handle them itself. The key here is to consider the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: mt76 – Do not call mt76unregisterdevice on unregistered hardware devices. Attempting to probe a mt7921e PCI card without firmware results in a successful probe, but ieee80211registerhw is not called. When removing the drive...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: LAG, fixed the logic for MLX5LAGFLAGNDEVSREADY Set MLX5LAGFLAGNDEVSREADY only if both devices are registered. This ensures that both ldev-pfMLX5LAGP0.dev and ldev-pfMLX5LAGP1.dev have valid pointers when...
CVE-2018-25325 Woocommerce CSV Importer 3.3.6 Path Traversal File Deletion
Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by submitting unescaped filenames through the deleteexportfile AJAX action. Attackers can craft POST requests with directory traversal sequences in the filename paramet...