494 matches found
CVE-2026-14793
A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...
CVE-2026-14793
The vulnerability affects Craft CMS up to version 4.18.0.1, specifically the function actionReorderSets in src/controllers/GlobalsController.php of the reorder-sets Endpoint. The issue results in an authorization bypass and can be exploited remotely. A fix is available in version 4.18.1, with the...
CVE-2026-14793
A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...
EUVD-2026-41804
A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...
CVE-2026-14793 Craft CMS reorder-sets Endpoint GlobalsController.php actionReorderSets authorization
A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...
CVE-2026-14191
CVE-2026-14191 describes an out-of-bounds heap write in WinRAR/UnRAR’s RAR5 recovery-volume (.rev) parser (RecVolumes5::ReadHeader). The RecItems vector is sized based on the first .rev file; subsequent .rev files supply an independent RecNum that is validated against that file’s TotalCount but n...
EUVD-2026-40746
Insufficient policy enforcement in Related-Website-Sets in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-14059
Insufficient policy enforcement in Related-Website-Sets in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14059
Insufficient policy enforcement in Related-Website-Sets in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14059
Insufficient policy enforcement in Related-Website-Sets in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14059
CVE-2026-14059 concerns Google Chrome (Chromium) and describes insufficient policy enforcement in the Related-Website-Sets mechanism. The vulnerability allows a remote attacker to leak cross-origin data via a crafted HTML page. Affected software version: Chrome prior to 150.0.7871.47 (Chromium ba...
CVE-2026-14059
Insufficient policy enforcement in Related-Website-Sets in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
PT-2026-54334
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in Related-Website-Sets allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Cross-origin data leakage occurs when ...
SUSE CVE-2026-53287
In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritable capability in CAPSET records auditlogcapset records the effective capability set into the inheritable field due to a copy-paste error. Every CAPSET audit record therefore reports cappi process...
Linux Distros Unpatched Vulnerability : CVE-2026-49295
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables – Disallowed timeout for anonymous sets. These parameters have never been used in the user space; hence, they are not allowed...
SUSE-SU-2026:2440-1 Security update for glibc
This update for glibc fixes the following issues: - CVE-2026-5928: libio: Fix ungetwc operating on byte stream bsc1262464, BZ 33998 - CVE-2026-5450: stdio-common: Fix buffer overflow in scanf %mc bsc1262465, BZ 34008 - CVE-2026-4046: Use pending character state in IBM1390, IBM1399 character sets...
EulerOS Virtualization 2.13.0 : glibc (EulerOS-SA-2026-2399)
According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Calling the scanf family of functions with a %mc malloc'd character match in the GNU C Library version 2.7 to version 2.43 with a...
EulerOS Virtualization 2.13.1 : glibc (EulerOS-SA-2026-2370)
According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Calling the scanf family of functions with a %mc malloc'd character match in the GNU C Library version 2.7 to version 2.43 with a...
EulerOS 2.0 SP11 : glibc (EulerOS-SA-2026-2205)
According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The iconv function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or...