6840 matches found
SUSE CVE-2026-20676
This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions...
EUVD-2026-12886
In the Linux kernel, the following vulnerability has been resolved: net: add proper RCU protection to /proc/net/ptype Yin Fengwei reported an RCU stall in ptypeseqshow and provided a patch. Real issue is that ptypeseqnext and ptypeseqshow violate RCU rules. ptypeseqshow runs under rcureadlock, an...
EUVD-2026-12841
The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eventtype’ parameter in all versions up to, and including, 3.8.0 due to insufficient input sanitization and...
CVE-2026-3090 Post SMTP <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type'
The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eventtype’ parameter in all versions up to, and including, 3.8.0 due to insufficient input sanitization and...
CVE-2026-3090
The CVE-2026-3090 entry describes a Stored Cross-Site Scripting vulnerability in the Post SMTP WordPress plugin (versions up to 3.8.0). The issue is triggered by the event_type parameter and arises from insufficient input sanitization and output escaping. Exploitation requires unauthenticated acc...
MAL-2026-1647 Malicious code in adobe-tracking (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ea7322d0f5d2ca7aa6671313fe1f8f467c5db667987215e36535698aa5885df The package adobe-tracking was found to contain malicious code...
Malicious code in adobe-tracking (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9ea7322d0f5d2ca7aa6671313fe1f8f467c5db667987215e36535698aa5885df The package adobe-tracking was found to contain malicious code...
[SECURITY] Fedora 44 Update: forgejo-14.0.3-1.fc44
Forgejo pronounced /for=CB=88d=CD=A1=CA=92e.jo/ is a lightweight software f orge. Use it to host git repositories, track their issues and allow people to contribute to them!...
PT-2026-26072
The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘event type’ parameter in all versions up to, and including, 3.8.0 due to insufficient input sanitization and...
CVE-2026-26004
Sentry is a developer-first error tracking and performance monitoring tool. Versions prior to 26.1.0 have a cross-organization Insecure Direct Object Reference IDOR vulnerability in Sentry's GroupEventJsonView endpoint. Version 26.1.0 patches the issue...
Countering Current Geopolitical Cyber Threats With Qualys
Summary In response to the latest public sector threat intelligence on Iranian-linked threat activity, Qualys has released new intelligence capabilities within Qualys Vulnerability Management, Detection & Response VMDR to help organizations immediately assess their exposure. These updates extend...
Malicious code in tracking-service-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbea868891563a569959fb4cb0283257c07da112b0e854b53431157e0a12af57 The package tracking-service-config was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1457 Malicious code in tracking-service-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbea868891563a569959fb4cb0283257c07da112b0e854b53431157e0a12af57 The package tracking-service-config was found to contain malicious code. Source: ossf-package-analysis...
apache-gravitino (>=1.2.0 <=1.2.1rc2), cloudquery-plugin-sdk (=0.1.52) +14 more potentially affected by CVE-2026-32274 via black (>=26.1.0 <=26.3.0)
black PYPI version =26.1.0, =1.2.0, =0.4.0, =0.2.2, =2.189.0, =0.12.0, =0.7.4, =0.8.0, =0.1.8, =2.54.8, =0.17.1, =1.2.1, =0.1.2, =0.1.3 and more Source cves: CVE-2026-32274 Source advisory: SNYK:PYTHON-BLACK-15518063...
CVE-2026-3099
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count nc attribute. This vulnerability allows a remote attacker to capture a single valid...
UBUNTU-CVE-2026-3099
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count nc attribute. This vulnerability allows a remote attacker to capture a single valid...
CVE-2026-3099
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count nc attribute. This vulnerability allows a remote attacker to capture a single valid...
CVE-2026-3099 Libsoup: libsoup: authentication bypass via digest authentication replay attack
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count nc attribute. This vulnerability allows a remote attacker to capture a single valid...
CVE-2026-3099 Libsoup: libsoup: authentication bypass via digest authentication replay attack
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count nc attribute. This vulnerability allows a remote attacker to capture a single valid...
CVE-2026-3099
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count nc attribute. This vulnerability allows a remote attacker to capture a single valid...