374 matches found
EUVD-2026-41212
Craft CMS: Sensitive File Disclosure / Server-Side File Read...
MINI-5J6X-P3XH-WQQV
Bulletin has no description...
CVE-2026-55792
Craft CMS is vulnerable in versions 4.0.0-RC1 through 4.17.x and 5.0.0-RC1 through 5.9.x due to dataUrl() being in the Twig sandbox allowlist. A control panel user with the utility:system-messages permission can embed a file-reading payload in system emails, causing the server to read targeted fi...
CVE-2026-55792 Craft CMS: Sensitive File Disclosure / Server-Side File Read
Craft CMS is a content management system CMS. In versions starting from 4.0.0-RC1 and prior to 4.18.0, and 5.0.0-RC1 and above, prior to 5.10.0, the dataUrl Twig function is included in Craft’s Twig sandbox allowlist, allowing any control panel user granted the utility:system-messages permission ...
MINI-5C7H-WFH5-C433
Bulletin has no description...
PT-2026-54860
Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0-RC1 through 4.17.9 Craft CMS versions 5.0.0-RC1 through 5.9.9 Description Control panel users with the utility:system-messages permission can embed a file-reading payload into system email templates because the dataUrl...
MINI-GXJ8-QV8R-H4XV
Bulletin has no description...
EUVD-2026-31395
golang.org/x/crypto/ssh: FIDO/U2F security key physical presence check can be bypassed...
golang.org/x/crypto: FIDO/U2F security key physical presence check can be bypassed
The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...
MINI-X8W8-QXQV-J797
Bulletin has no description...
MINI-2F7M-R4QJ-FMG2
Bulletin has no description...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : Go Cryptography vulnerabilities (USN-8447-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8447-1 advisory. It was discovered that Go Cryptography did not properly handle SSH global request responses. ...
SUSE SLED15 / SLES15 Security Update : cosign (SUSE-SU-2026:2365-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2365-1 advisory. This update for cosign fixes the following issue - CVE-2026-39395: Incorrect attestation verification due to malformed...
Amazon Linux 2 : runfinch-finch, --advisory ALAS2DOCKER-2026-128 (ALASDOCKER-2026-128)
The version of runfinch-finch installed on the remote host is prior to 1.17.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-128 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounde...
Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2026-109 (ALASNITRO-ENCLAVES-2026-109)
The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-109 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused...
Important: nerdctl
Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...
Amazon Linux 2 : nerdctl, --advisory ALAS2-2026-3334 (ALAS-2026-3334)
The version of nerdctl installed on the remote host is prior to 2.2.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3334 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2026-1784)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1784 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected...
CVE-2026-39831
A flaw was found in golang.org/x/crypto/ssh. The Verify method, responsible for FIDO/U2F security key types, did not properly check for user presence. This allowed signatures to be accepted without requiring a physical touch on the hardware security key. As a result, an attacker could potentially...
Linux Distros Unpatched Vulnerability : CVE-2026-39831
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Verify method for FIDO/U2F security key types [email protected], sk-ssh- [email protected] did not check the User Presence flag. Signatur...