13714 matches found
CVE-2026-46366
phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solutionidid.html endpoint. Attackers can sequentially...
CVE-2026-46366
phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solutionidid.html endpoint. Attackers can sequentially...
EUVD-2026-30602
phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solutionidid.html endpoint. Attackers can sequentially...
CVE-2026-46366 phpMyFAQ - Unauthenticated Information Disclosure via getIdFromSolutionId Permission Bypass
phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solutionidid.html endpoint. Attackers can sequentially...
CVE-2026-46366 phpMyFAQ - Unauthenticated Information Disclosure via getIdFromSolutionId Permission Bypass
phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solutionidid.html endpoint. Attackers can sequentially...
phpMyFAQ 安全漏洞
phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained security vulnerabilities. These vulnerabilities stemmed from a lack of permission filtering in the getIdFromSolutionId method. This allowed unauthorized attacker...
PT-2026-41368
phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solution id id.html endpoint. Attackers can sequentially...
Linux Distros Unpatched Vulnerability : CVE-2026-8555
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium...
Linux Distros Unpatched Vulnerability : CVE-2026-8391
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11...
Important: Red Hat Security Advisory: Network Observability 1.11.2 for OpenShift
Network Observability 1.11 for Red Hat OpenShift. Network flows collector and monitoring solution...
CVE-2026-42645
Cross-Site Request Forgery CSRF vulnerability in Dmitry V. CEO of "UKR Solution" Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Cross Site Request Forgery.This issue affects Barcode Scanner with Inventory & Order Manager: fro...
Malicious code in @uipath/solution-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54c97ae73d789e83ab3e7d3a4aa60b13004ed8ddfba42a1b2941598b16e6ade5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3575 Malicious code in @uipath/solution-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54c97ae73d789e83ab3e7d3a4aa60b13004ed8ddfba42a1b2941598b16e6ade5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3574 Malicious code in @uipath/solution-packager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6487ed6520bb356b10f79e676ab8025235c19230de13836f08cf630171420426 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Linux Distros Unpatched Vulnerability : CVE-2026-43295
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rapidio: replace riofreenet with kfree in rioscanallocnet When idtab allocation fails, net is not registered with rioaddnet yet, so kfreenet is sufficient to...
Security Bulletin: Multiple vulnerabilities in IBM DevOps Solution Workbench
Summary Multiple vulnerabilities were addressed in IBM DevOps Solution Workbench version 5.1.2 Vulnerability Details CVEID:CVE-2026-6951 DESCRIPTION: Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that block...
io.github.andrekurait.trafficcapture:dockerSolution (>=0.1.3 <=0.1.5), io.github.andrekurait.trafficcapture:trafficCaptureProxyServer (>=0.1.3 <=0.1.5) +6 more potentially affected by unknown CVE via org.opensearch.plugin:opensearch-security (=2.11.1.0)
org.opensearch.plugin:opensearch-security MAVEN version =2.11.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.opensearch.plugin:opensearch-security and may be impacted: - io.github.andrekurait.trafficcapture:dockerSolution =0.1.3, =0.1.3, =0.1....
GHSA-99QV-G4X9-MGC3 phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
Summary The public /solutionidid.html route calls Faq::getIdFromSolutionId in phpmyfaq/src/phpMyFAQ/Faq.php:1312. That query joins faqdata with faqcategoryrelations solely by solutionid and returns the matching FAQ's id, lang, thema title, and categoryid with no permission filter. An...
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
Summary The public /solutionidid.html route calls Faq::getIdFromSolutionId in phpmyfaq/src/phpMyFAQ/Faq.php:1312. That query joins faqdata with faqcategoryrelations solely by solutionid and returns the matching FAQ's id, lang, thema title, and categoryid with no permission filter. An...
Linux Distros Unpatched Vulnerability : CVE-2026-43257
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: cx88: Add missing unmap in sndcx88hwparams In error path, add cx88alsadmaunmap to release resource acquired by cx88alsadmamap. CVE-2026-43257 Note that...