21 matches found

Tenable Nessus
added 2026/05/22 12:0 a.m. · 10 views

MiracleLinux 8 : kernel-4.18.0-553.124.4.el8_10 (AXSA:2026-707:36)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-707:36 advisory. kernel: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-46300 kernel: ptrace: require CAP_SYS_PTRACE when task has no ...

7.8 CVSS · 5.3 AI score · 0.01582 EPSS
Exploits: 13 · References: 3

NVD
added 2026/05/13 9:16 p.m. · 6 views

CVE-2026-45054

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $_GET['sort'] array without column or direction validation. Both the column key and the directio...

4.9 CVSS · 0.00239 EPSS
Exploits: 0 · References: 1

ATTACKERKB
added 2026/05/13 8:42 p.m. · 2 views

CVE-2026-45054

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $_GET['sort'] array without column or direction validation. Both the column key and the directio...

4.9 CVSS · 6.1 AI score · 0.00239 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2026/05/13 8:42 p.m. · 6 views

CVE-2026-45054 CubeCart: Authenticated SQL Injection via `sort[]` Parameter in Admin Orders Transactions Listing

CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page admin.php?g=orders&node=transactions builds a raw ORDER BY SQL fragment from the attacker-controlled $_GET['sort'] array without column or direction validation. Both the column key and the directio...

4.9 CVSS · 6.1 AI score · 0.00239 EPSS
Exploits: 0 · References: 1

CVE
added 2026/05/13 8:40 p.m. · 12 views

CVE-2026-44376

CubeCart (v6.x) prior to 6.7.0 contains an unauthenticated Reflected XSS in the search feature. Root cause is a logic flaw in classes/catalogue.class.php that reflects unsanitized user input when a search returns exactly one product, bypassing existing filters. Consequences include the execution ...

6.1 CVSS · 5.8 AI score · 0.00526 EPSS
Exploits: 2 · References: 2

Snyk
added 2026/03/13 8:3 p.m. · 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...

9.3 CVSS · 5.9 AI score · 0.00258 EPSS
Exploits: 1 · References: 2

Snyk
added 2026/03/13 8:3 p.m. · 4 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...

9.3 CVSS · 5.9 AI score · 0.00258 EPSS
Exploits: 1 · References: 2

Snyk
added 2026/03/13 8:3 p.m. · 6 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...

9.3 CVSS · 5.9 AI score · 0.00258 EPSS
Exploits: 1 · References: 2

Cvelist
added 2026/03/12 9:19 p.m. · 35 views

CVE-2026-32301 Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL

Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request Forgery (SSRF) when configured with a dynamic JWKS endpoint URL using template variables (e.g. tenant). An unauthenticated attacker can craft a JWT with a malicious iss or...

9.3 CVSS · 0.00258 EPSS
Exploits: 1 · References: 1

Patchstack
added 2026/02/16 7:16 a.m. · 4 views

WordPress Jetpack CRM plugin <= 6.7.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Skalucy in WordPress Plugin Jetpack CRM versions <= 6.7.0...

7.5 CVSS · 5.5 AI score · 0.00423 EPSS
Exploits: 1 · Affected Software: 1

Tenable Nessus
added 2025/10/10 12:0 a.m. · 5 views

Tenable Security Center < 6.7.0 (TNS-2025-21)

According to its self-reported version, the Tenable Security Center running on the remote host is prior to 6.7.0. It is, therefore, affected by a vulnerability as referenced in the TNS-2025-21 advisory. - In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability...

4.3 CVSS · 5.8 AI score · 0.00177 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2025/10/08 3:19 p.m. · 3 views

CVE-2025-36636 Improper Access Control

In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope...

4.3 CVSS · 6.3 AI score · 0.00177 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/08 3:19 p.m. · 2 views

EUVD-2025-33302

In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope...

10 CVSS · 6.2 AI score · 0.00177 EPSS
Exploits: 0 · References: 2

CVE
added 2025/10/08 3:19 p.m. · 32 views

CVE-2025-36636

CVE-2025-36636 affects Tenable Security Center before version 6.7.0. The issue is an improper access control that allows an authenticated user to access areas outside their authorized scope, with impact described as none to confidentiality, and low integrity impact (CVSS 3.1: 4.3). Remediation is...

4.3 CVSS · 6.3 AI score · 0.00177 EPSS
Exploits: 0 · References: 1

Tenable Product Security Advisories
added 2025/10/08 2:29 p.m. · 7 views

[R1] Security Center Version 6.7.0 Fixes One Vulnerability

[R1] Security Center Version 6.7.0 Fixes One Vulnerability. Arnie Cabral, Wed, 10/08/2025 - 10:29. In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope...

6.6 AI score
Exploits: 0

Positive Technologies
added 2023/04/27 12:0 a.m. · 3 views

PT-2023-23273 · Unknown · Startsharp +1

Name of the Vulnerable Software and Affected Versions: Serenity Serene versions prior to 6.7.0; StartSharp versions prior to 6.7.0. Description: An issue was discovered where the server response to a password reset request leaks the existence of users. If a password reset is attempted for a...

5.3 CVSS · 7.4 AI score · 0.01011 EPSS
Exploits: 1 · References: 9

Circl
added 2022/08/11 6:38 p.m. · 4 views

CVE-2022-35670

creationtimestamp: 2022-08-11 18:38:11+00:00 · type: seen · source: https://t.me/cibsecurity/47984...

5.5 CVSS · 5.9 AI score · 0.02404 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2022/07/14 12:0 a.m. · 2 views

PT-2022-16410 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 6.7.0 and earlier. Description: The issue allows team members to access some sensitive information by directly accessing the APIs. This is an unrestricted information disclosure issue that affects all users. Recommendations...

6.5 CVSS · 6.5 AI score · 0.00692 EPSS
Exploits: 0 · References: 11

CNNVD
added 2022/03/04 12:0 a.m. · 4 views

Cedar Gate EZ-NET Cross-Site Scripting Vulnerability

Cedar Gate EZ-NET is an Internet portal application from Cedar UK. A cross-site scripting vulnerability exists in the Cedar Gate EZ-NET 6.5.5, 6.6.3, 6.7.0, and 6.8.0 that stems from the Cedar Gate EZ-NET 6.5.5, and 6.8.0 having a call to display messages to the user that do not correctly clean u...

6.1 CVSS · 5.2 AI score · 0.00913 EPSS
Exploits: 0 · References: 2

CNNVD
added 2021/01/13 12:0 a.m. · 2 views

Cisco Firepower Management Center Cross-Site Scripting Vulnerability

Cisco Firepower Management Center is the nerve center for managing Cisco network security solutions, improving the effectiveness of Cisco network security solutions by providing centralized, integrated, and simplified management. A stored cross-site scripting vulnerability exists in the Web...

4.8 CVSS · 6 AI score · 0.00615 EPSS
Exploits: 0 · References: 4