Lucene search

3046 matches found

Positive Technologies
added 2026/03/04 12:0 a.m. | 3 views

PT-2026-22870

Name of the Vulnerable Software and Affected Versions: Enable Media Replace plugin for WordPress versions through 4.1.7. Description: The Enable Media Replace plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to an insufficient capability check within the...

CVSS 5.4 | AI score 5.9 | EPSS 0.00223
Exploits: 0 | References: 9

Github Security Blog
added 2026/02/24 8:37 p.m. | 7 views

Caddy is vulnerable to cross-origin config application via local admin API /load

commit: e0f8d9b2047af417d8faf354b675941f3dac9891; as-of: 2026-02-04; channel: GitHub security advisory (per SECURITY.md). Summary: The local caddy admin API (default listen 127.0.0.1:2019) exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement ...

CVSS 8.2 | AI score 5.7 | EPSS 0.00166
Exploits: 1 | References: 8 | Affected Software: 1

UbuntuCve
added 2026/02/24 5:29 p.m. | 4 views

CVE-2026-27589

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API (default listen 127.0.0.1:2019) exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement is not enabled (enforce_origin not...

CVSS 8.2 | AI score 5.9 | EPSS 0.00166
Exploits: 1 | References: 5

OSV
added 2026/02/24 5:29 p.m. | 4 views

UBUNTU-CVE-2026-27589

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API (default listen 127.0.0.1:2019) exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement is not enabled (enforce_origin not...

CVSS 8.2 | AI score 5.8 | EPSS 0.00166
Exploits: 1 | References: 6

Cvelist
added 2026/02/24 4:30 p.m. | 20 views

CVE-2026-27589 Caddy vulnerable to cross-origin config application via local admin API /load (caddy)

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API (default listen 127.0.0.1:2019) exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement is not enabled (enforce_origin not...

CVSS 8.2 | EPSS 0.00166
Exploits: 1 | References: 4

RedHat Linux
added 2026/02/23 7:19 p.m. | 6 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP3 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.62 Service Pack 3 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.8 | AI score 7.3 | EPSS 0.45854
Exploits: 7 | References: 9

CVE
added 2026/02/22 1:2 p.m. | 16 views

CVE-2026-2946

CVE-2026-2946 affects rymcu forest up to version 0.0.5. The vulnerability is in the function XssUtils.replaceHtmlCode (src/main/java/com/rymcu/forest/util/XssUtils.java) of the Article Content/Comments/Portfolio component, enabling cross-site scripting. The issue enables remote exploitation and t...

CVSS 5.4 | AI score 3.5 | EPSS 0.00217
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/02/14 4:27 p.m. | 6 views

CVE-2026-23194 rust_binder: correctly handle FDA objects of length zero

In the Linux kernel, the following vulnerability has been resolved: rust_binder: correctly handle FDA objects of length zero. Fix a bug where an empty FDA (fd array) object with 0 fds would cause an out-of-bounds error. The previous implementation used skip == 0 to mean "this is a pointer fixup", but...

CVSS 7.8 | AI score 5.5 | EPSS 0.00112
Exploits: 0 | References: 5

ATTACKERKB
added 2026/02/12 7:2 p.m. | 4 views

CVE-2019-25344

Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators...

CVSS 8.5 | AI score 5.5 | EPSS 0.00162
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/02/12 7:2 p.m. | 5 views

CVE-2019-25344 MobileGo 8.5.0 - Insecure File Permissions

Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators...

CVSS 8.5 | AI score 5.5 | EPSS 0.00162
Exploits: 1 | References: 4

IBM Security Bulletins
added 2026/02/12 10:35 a.m. | 27 views

Security Bulletin: Apache Lucene PRISMA-2021-0081 X-Force 216835 security vulnerability

Summary: Apache Lucene PRISMA-2021-0081 (X-Force 216835) security vulnerability in FileNet Content Manager (FNCM) Content Search Services (CSS)/Enterprise Content Management Text Search (ECMTS). CSS/ECMTS is affected and is potentially vulnerable. Vulnerability Details: Refer to the security bulletins list...

AI score 7.8
Exploits: 0 | Affected Software: 1

Fedora
added 2026/02/11 1:0 a.m. | 7 views

[SECURITY] Fedora 42 Update: rust-procs-0.14.10-7.fc42

A modern replacement for ps...

CVSS 7.5 | AI score 5.4 | EPSS 0.00443
Exploits: 1

Microsoft KB
added 2026/02/10 4:0 p.m. | 15 views

Description of the security update for Word 2016: February 10, 2026 (KB5002839)

Description of the security update for Word 2016: February 10, 2026 (KB5002839). Summary: This security update resolves a Microsoft Outlook spoofing vulnerability and Microsoft Word spoofing vulnerability. To learn more about the vulnerabilities, see the following security advisories: Microsoft Commo...

CVSS 7.5 | AI score 5.6 | EPSS 0.03635
Exploits: 0

Fedora
added 2026/02/10 1:34 a.m. | 5 views

[SECURITY] Fedora 43 Update: uv-0.9.30-2.fc43

An extremely fast Python package and project manager, written in Rust. Highlights: • A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twine, virtualenv, and more. • 10-100x faster than pip. • Provides comprehensive project management, with a universal lockf...

CVSS 7.5 | AI score 5.5 | EPSS 0.00443
Exploits: 1

Fedora
added 2026/02/10 1:34 a.m. | 8 views

[SECURITY] Fedora 43 Update: atuin-18.6.1-10.fc43

Atuin replaces your existing shell history with a SQLite database, and records additional context for your commands. Additionally, it provides optional and fully encrypted synchronization of your history between machines, via an Atuin server...

CVSS 7.5 | AI score 5.5 | EPSS 0.00443
Exploits: 1

Vulnrichment
added 2026/02/05 3:7 a.m. | 3 views

CVE-2025-10314 Malicious Code Execution Vulnerability in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows

Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) or DLLs in the installation directory with specially...

CVSS 8.8 | AI score 6.1 | EPSS 0.00148
Exploits: 0 | References: 3

CVE
added 2026/02/05 3:7 a.m. | 16 views

CVE-2025-10314

CVE-2025-10314 concerns Mitsubishi Electric Corporation FREQSHIP-mini for Windows (versions 8.0.0–8.0.2). Affected component is the installation directory’s service executables or DLLs, with root cause described as incorrect default permissions. Local attackers can execute arbitrary code with sys...

CVSS 8.8 | AI score 6.1 | EPSS 0.00148
Exploits: 0 | References: 3

Github Security Blog
added 2026/02/04 11:14 p.m. | 10 views

EVE Doesn't Protect Rootfs

Impact: Measured boot validates BIOS, grub, kernel cmdline, and initrd but not the entire rootfs. Thus, an attacker can create an EVE-OS rootfs squashfs image with some files modified and take out the disk and replace the existing rootfs image without that being detected by measured boot and remote...

CVSS 8.8 | AI score 8.1 | EPSS 0.00125
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2026/02/04 11:14 p.m. | 5 views

GHSA-5H7V-G49C-H887 EVE Doesn't Protect Rootfs

Impact: Measured boot validates BIOS, grub, kernel cmdline, and initrd but not the entire rootfs. Thus, an attacker can create an EVE-OS rootfs squashfs image with some files modified and take out the disk and replace the existing rootfs image without that being detected by measured boot and remote...

CVSS 6.7 | AI score 5.5 | EPSS 0.00125
Exploits: 0 | References: 7

Packet Storm News
added 2026/02/04 12:0 a.m. | 4 views

Post-Quantum Identity-Based TLS for 5G Service-Based Architecture and Cloud-Native Infrastructure

Cloud-native application platforms and latency-sensitive systems such as 5G Core networks rely heavily on certificate-based Public Key Infrastructure (PKI) and mutual TLS to secure service-to-service communication. While effective, this model introduces significant operational and performance...

AI score 5.5
Exploits: 0