853 matches found
CVE-2026-47736
Puma is a Ruby/Rack web server built for parallelism. From 5.5.0 until 7.2.1 and 8.0.2, when PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer while waiting for CRLF to determine whether a PROXY v1 line is present, allowing an attacker that continuously sends...
openSUSE 16 Security Update : tiff (openSUSE-SU-2026:21289-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21289-1 advisory. This update for tiff fixes the following issues - CVE-2026-12912: heap-based buffer overflow when processing crafted PixarLog-compressed TIFF...
CVE-2026-15496
A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command...
CVE-2026-15496 SonicCloudOrg sonic-agent Groovy Script GroovyScriptImpl.java evalIsFailed os command injection
A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java of the component Groovy Script Handler. The manipulation results in os command...
CVE-2026-15496
SonicCloudOrg sonic-agent (up to version 2.7.2) contains a remote os command injection in GroovyScriptImpl.evalIsFailed within Groovy Script Handler. The vulnerable function is in sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovyScriptImpl.java. Exploitation is public and report...
EUVD-2026-22188
Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality...
CVE-2026-57690
Unauthenticated Cross Site Request Forgery CSRF in Werkstatt = 4.7.2 versions...
CVE-2026-57689
Subscriber Broken Access Control in Werkstatt = 4.7.2 versions...
CVE-2026-57689
The CVE-2026-57689 entry concerns the WordPress Werkstatt theme (versions up to 4.7.2) with a Broken Access Control flaw. Affected component: Werkstatt WordPress theme; root cause: broken access control mechanisms in version <= 4.7.2. Impact: unauthorized access to restricted functionality, as...
PT-2026-55031
Unauthenticated Cross Site Request Forgery CSRF in Werkstatt = 4.7.2 versions...
PT-2026-55030
Subscriber Broken Access Control in Werkstatt = 4.7.2 versions...
WordPress Werkstatt theme <= 4.7.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Werkstatt versions = 4.7.2...
Linux Distros Unpatched Vulnerability : CVE-2025-61022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the sqlotbcolpreds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
EUVD-2025-210321
An issue in the timettodt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
EUVD-2025-210315
An issue in the sqlostripinjoin component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
DEBIAN-CVE-2025-61024
An issue in the sqlotryinloop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2025-61025
An issue in the sslrqstget component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
DEBIAN-CVE-2025-61023
An issue in the stcompare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2025-61020
An issue in the sqlostripinjoin component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
DEBIAN-CVE-2025-61019
An issue in the sqlokeypartbest component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...