1848 matches found
EUVD-2026-13310
OpenClaw versions prior to 2026.2.26 server-http contains an authentication bypass vulnerability in gateway authentication for plugin channel endpoints due to path canonicalization mismatch between the gateway guard and plugin handler routing. Attackers can bypass authentication by sending reques...
SUSE-SU-2026:0914-1 Security update for 389-ds
This update for 389-ds fixes the following issues: - CVE-2025-14905: Fixed heap buffer overflow due to improper size calculation in schemaattrenumcallback callback bsc1258727...
EUVD-2026-10686
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...
CVE-2026-30969 Coral Server has insufficient agent authentication in session communication channels
Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who...
Centreon 安全漏洞
Centreon is a set of open-source system monitoring tools developed by the French company Centreon. This product primarily provides monitoring functions for resources such as networks, systems, and applications. Centreon has security vulnerabilities; these vulnerabilities stem from the lack of...
Oracle Linux 8 : virt:kvm_utils3 (ELSA-2026-50118)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50118 advisory. - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501...
CVE-2026-23859
Dell Wyse Management Suite (WMS) versions prior to 5.5 contain a Client-Side Enforcement of Server-Side Security weakness that could allow a remote, high-privilege attacker to bypass protection mechanisms. The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N) yields a base score of 2.7 (LOW)....
Authentication Bypass on FastAPI Routes (Job API, OTel API) When Basic Auth Enabled
Summary When MLflow is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI, the FastAPI permission middleware only enforces authentication on /gateway/ routes. All other FastAPI routes -- including the Job API /ajax-api/3.0/jobs/ and the OpenTelemetry trace...
WordPress plugin g-FFL Checkout code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
PT-2026-3906
Name of the Vulnerable Software and Affected Versions Grist versions prior to 1.7.9 Description Grist is spreadsheet software that utilizes Python as its formula language. When configured to run formulas in the Pyodide sandbox GRIST SANDBOX FLAVOR set to pyodide, a crafted spreadsheet formula can...
Release of Invalid Pointer or Reference
Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Release of Invalid Pointer or Reference
Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
MiracleLinux 3 : mysql-5.0.77-4.2.1.AXS3 (AXSA:2010-125:02)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-125:02 advisory. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many...
CVE-2023-43766
Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for...
CVE-2023-43767
Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 1...
CVE-2022-38731
Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. Only images are displayed to the attacker. All other files are loaded but not displaye...
CVE-2019-18791
Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser...
CVE-2019-11497
In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This...
CVE-2020-7533
CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests...
CVE-2020-10043
A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. The web server could allow Cross-Site Scripting XSS attacks if unsuspecting users are tricked into accessing a malicious link...