1121 matches found
EUVD-2026-32207
Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 4.08.253...
CVE-2026-42758
CVE-2026-42758 is a privilege-escalation vulnerability in the WordPress WebinarIgnition plugin (Saleswonder Team: Tobias WebinarIgnition). The issue is described as Incorrect Privilege Assignment and affects WebinarIgnition versions before 4.08.253. The vulnerability is categorized with a high/cr...
EUVD-2026-31913
Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the isgreaterthan or islessthan operators, user-supplied values in the values...
CVE-2025-11482 Allocation of Resources Without Limits or Throttling in the OPC-UA Server
An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attacker to permanently prevent legitimate users from interacting with the service...
CVE-2026-39965
TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl to block private IPs and cloud metadata hostnames. However, the HTTP clients ky and fetch follow 3...
Astra Linux – Vulnerability in Firefox and Thunderbird
Push notifications stored on disk in private browsing mode were not encrypted, potentially allowing the leakage of sensitive information. This vulnerability affects Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2...
Astra Linux – Vulnerability in Firefox and Thunderbird
When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
ISC BIND 9.20.0 < 9.20.23 / 9.20.9-S1 < 9.20.23-S1 / 9.21.0 < 9.21.22 Vulnerability (cve-2026-3593)
The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-3593 advisory. - A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0...
CVE-2026-6474 affecting package postgresql for versions less than 16.14-1
CVE-2026-6474 affecting package postgresql for versions less than 16.14-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-6472 affecting package postgresql for versions less than 16.14-1
CVE-2026-6472 affecting package postgresql for versions less than 16.14-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-35469 affecting package keda for versions less than 2.14.1-12
CVE-2026-35469 affecting package keda for versions less than 2.14.1-12. A patched version of the package is available...
CVE-2026-46720
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...
Open WebUI 路径遍历漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.6.10 had a path traversal vulnerability. This vulnerability arises when uploading audio files, where the file name originates from the original HTTP upload request a...
Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2026-015 (ALASGIMP-2026-015)
The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2GIMP-2026-015 advisory. A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing ...
CVE-2026-20793
Unchecked return value for some IntelR QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result ma...
CVE-2026-6861 affecting package emacs for versions less than 29.4-4
CVE-2026-6861 affecting package emacs for versions less than 29.4-4. A patched version of the package is available...
EUVD-2026-28537
In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...
Vim 操作系统命令注入漏洞
Vim is an open-source, cross-platform text editor developed by Vim developers. Versions of Vim prior to 9.2.0383 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the netrw standard plugin, which allowed for OS command injection. This could...
PHP 8.2.x < 8.2.31 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.2.31. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.31 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...
CVE-2026-42438 OpenClaw 2026.4.9 < 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads
OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read helper that allows unauthorized local file disclosure. Attackers with denied read access via toolsBySender or group policy can trigger host-media attachment loading ...