EUVD-2026-36395

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

WordPress Fediverse Embeds plugin <= 1.5.7 - Unauthenticated SSRF vulnerability

Unauthenticated SSRF vulnerability discovered by 0xBassia in WordPress Plugin Fediverse Embeds versions = 1.5.7...

CVE-2026-46693

A flaw was found in ImageMagick. An attacker able to connect to a magick -distribute-cache service could exploit a race condition to hijack a file descriptor in the server process. This could lead to unauthorized access to sensitive information...

WordPress Fediverse Embeds plugin <= 1.5.7 - Unauthenticated SSRF vulnerability

Unauthenticated SSRF vulnerability discovered by 0xBassia in WordPress Plugin Fediverse Embeds versions = 1.5.7...

Information Exposure

Element Call is vulnerable to Information Exposure. The vulnerability is due to analytics data including full page URLs and URL fragments being sent to a configured PostHog server, which allows an attacker with access to the analytics data to obtain sensitive information such as call encryption...

Qualitor <= v8.24 - Server-Side Request Forgery

Qualitor v8.24 was discovered to contain a Server-Side Request Forgery SSRF via the component /request/viewValidacao.php. id: CVE-2024-48360 info: name: Qualitor = v8.24 - Server-Side Request Forgery author: s4e-io severity: high description: | Qualitor v8.24 was discovered to contain a Server-Si...

Drawio <18.0.4 - Server-Side Request Forgery

Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. id: CVE-2022-1713 info: name: Drawio 18.0.4 - Server-Side Request Forgery author: pikpikcu severity: high...

Ulterius Server < 1.9.5.0 - Directory Traversal

Ulterius Server before 1.9.5.0 allows HTTP server directory traversal via the process function in RemoteTaskServer/WebServer/HttpServer.cs. id: CVE-2017-16806 info: name: Ulterius Server 1.9.5.0 - Directory Traversal author: geeknik severity: high description: Ulterius Server before 1.9.5.0 allow...

Apache OFBiz < 18.12.11 - Remote Code Execution

The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery SSRF id: CVE-2023-51467 info: name: Apache OFBiz 18.12.11 - Remote Code Execution author: your3cho severity: critical description: | The vulnerability allows attackers to bypass...

SUSE CVE-2026-11785

A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users...

SUSE CVE-2026-11786

A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation...

SUSE CVE-2026-11787

A flaw was found in 389 Directory Server. The ldaputf8prev function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior...

SUSE CVE-2026-11788

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...

SUSE CVE-2026-11789

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...

SUSE CVE-2026-11790

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication,...

SUSE CVE-2026-11792

A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the createmaskedentrystring function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged requiri...

SUSE CVE-2026-11793

A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. An attacker with Directory Manager privileges can...

SUSE CVE-2026-11884

A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the ocsuperior SUP field length is omitted from buffer size calculations in readschemadse and schemaoctostring, but the field is still written via strcat. An attacker with Directory Manager...

CVE-2026-11933

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...