2169 matches found
CVE-2026-14165
Technical details are not publicly available in the provided documents. Monitor for updates on affected versions, root cause, and remediation.
EUVD-2026-42857
R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file. This issue was fixed in version v3.17-2000...
CVE-2026-41879
R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file. This issue was fixed in version v3.17-2000...
Kibana 7.x < 7.17.15 / 8.x < 8.11.1 Log Injection (ESA-2026-53)
The version of Kibana installed on the remote host is 7.x prior to 7.17.15 or 8.x prior to 8.11.1. It is, therefore, affected by a log injection vulnerability: - Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection. An attacker can supply specially crafted input tha...
Critical: Red Hat Security Advisory: OpenShift Container Platform 4.17.55 bug fix and security update
Red Hat OpenShift Container Platform release 4.17.55 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...
PT-2026-56563
Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.12.8 NATS Server versions prior to 2.11.17 Description An unauthenticated peer with network access to a leafnode listener with compression enabled can cause the server to crash. This occurs during the...
CVE-2026-14868
The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gai...
CVE-2026-14868
The issue involves PcVue projects where the encryption protecting user account configurations in the built‑in user directory is too weak for prior versions (
CVE-2026-14867 Insecure password storage in User directory
Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. Active Directory accounts are not affected by this vulnerability...
EUVD-2026-42031
Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. Active Directory accounts are not affected by this vulnerability...
PT-2026-56173
Name of the Vulnerable Software and Affected Versions PcVue versions prior to 17.0.0 Description Credentials for built-in users are stored insecurely within the User directory of projects. This allows a local attacker to retrieve these credentials. Active Directory accounts are not affected by th...
PT-2026-56174
Name of the Vulnerable Software and Affected Versions PcVue versions prior to 17.0.0 Description The encryption algorithm used to protect the configuration of user accounts within the built-in user directory of projects is insufficient. This weakness allows a local attacker to modify the existing...
EUVD-2026-41416
Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...
PT-2026-55266
Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.0.0-RC1 through 5.9.20 Craft CMS versions 4.0.0-RC1 through 4.17.13 Description An authorization issue exists where a forced folder move can delete a conflicting destination folder even if the user lacks the required...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.21 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.21...
UBUNTU-CVE-2026-54592
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doceachchild, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in...
IBM WebSphere Application Server Liberty 17.0.0.3 < 26.0.0.7 (7278572)
The version of IBM WebSphere Application Server Liberty running on the remote host is affected by a vulnerability as referenced in the 7278572 advisory. - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forgery vulnerability with the...
CVE-2026-54898
Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2,Oj::Parserparse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...
CVE-2026-44696
OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text markdown rendering pipeline uses Sanitize::Config::RELAXED:css for inline style sanitization. This configuration permits essentially all CSS properties in style attributes on permitted HTML...
CVE-2026-49355 OpenProject: Private work package data disclosure through single meeting agenda item API
OpenProject is open-source, web-based project management software. Prior to 17.4.0, GET /api/v3/meetings/:meetingid/agendaitems/:agendaitemid discloses private work package data from a linked work package that belongs to a private/inaccessible project. This vulnerability is fixed in 17.4.0...