9209 matches found
EUVD-2026-43565
OpenClaw Feishu tools npm package @openclaw/feishu in versions = 2026.6.6 could ignore per-account disablement. A lower-trust caller or a configured input path could perform actions that should have required a stronger authorization or policy check, resulting in unauthorized operations. The issue...
CVE-2026-57216 RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote guest sessions due to listener-address loopback checks
RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest to connect remotely when traffic is accepted through a trusted PROXY-protocol path and the backend...
CVE-2026-57216
CVE-2026-57216 affects RabbitMQ server prior to versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6. The issue occurs when authentication via AMQP 0-9-1, AMQP 1.0, or Stream Protocol allows a loopback-restricted user (e.g., guest) to connect remotely if traffic is accepted through a trusted PROXY-protoco...
CVE-2026-55461
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url-previous from the attacker-controlled Referer header into Laravel’s intended URL session value and later uses redirect-intended... when redirectoption=back is submitted, allowing Snipe-IT to be used a...
EUVD-2026-42963
ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL is an open source identity management platform. From 3.0.0-rc.1 through 3.4.11 and from 4.0.0-rc.1 through 4.15.1, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session....
PT-2026-57301
Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 3.13.15 RabbitMQ versions prior to 4.0.20 RabbitMQ versions prior to 4.1.11 RabbitMQ versions prior to 4.2.6 Description Authentication for AMQP 0-9-1, AMQP 1.0, and Stream Protocol allows a loopback-restricted user,...
CVE-2026-0285
A server-side request forgery SSRF vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimize...
CVE-2026-0281
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management web interface to obtain web session tokens. This requires a legitimate user to first click on a malicious link provided by the attacker. The...
EUVD-2026-42676
A server-side request forgery SSRF vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimize...
CVE-2026-0285 PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface
A server-side request forgery SSRF vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with network access to the management web interface to make unauthorized requests from the firewall to internal services. The security risk posed by this issue is minimize...
CVE-2026-0285
CVE-2026-0285 : PAN-OS contains a server-side request forgery (SSRF) vulnerability that can be exploited by an authenticated administrator with network access to the management web interface, allowing unauthorized requests from the firewall to internal services. Affected relationships from the so...
CVE-2026-59208
n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacke...
CVE-2026-42765
A flaw was found in OpenSSL. When an application is configured with specific non-default settings for certificate verification, including both Online Certificate Status Protocol OCSP response checking and partial chain verification, a NULL dereference can occur. This vulnerability can be triggere...
Important: Red Hat Security Advisory: RHTAS 1.4.2 - CLI Stack Release
The 1.4.2 release of the RHTAS CLIs. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS CLI Stack images for RHTAS 1.4.2...
CVE-2026-59928
A flaw was found in Mistune, a Python Markdown parser. A remote attacker could exploit this vulnerability by providing a specially crafted Markdown document containing numerous repeated or distinct reference-link definitions. This can lead to excessive processing, causing CPU exhaustion and a...
Important: Red Hat Security Advisory: RHTAS 1.4.2 - Red Hat Trusted Artifact Signer Release
The 1.4.2 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Operator can be used with OpenShift Container Platform 4.17, 4.18, 4.19, 4.20...
Important: Red Hat Security Advisory: RHTAS 1.4.2 - Red Hat Trusted Artifact Signer Release
The 1.4.2 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Operator can be used with OpenShift Container Platform 4.17, 4.18, 4.19, 4.20...
Important: Red Hat Security Advisory: RHTAS 1.4.2 - Red Hat Trusted Artifact Signer Release
The 1.4.2 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Operator can be used with OpenShift Container Platform 4.17, 4.18, 4.19, 4.20...
Important: Red Hat Security Advisory: RHTAS 1.4.2 - Red Hat Trusted Artifact Signer Release
The 1.4.2 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Operator can be used with OpenShift Container Platform 4.17, 4.18, 4.19, 4.20...
EUVD-2026-42553
Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...