CVE-2026-44184

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, Cleanuparr's global CORS policy reflects every request Origin and combines it with AllowCredentials. When DisableAuthForLocalAddresses ...

Decidim's comments API allows access to all commentable resources

Impact The root level commentable field in the API allows access to all commentable resources within the platform, without any permission checks. All Decidim instances are impacted that have not secured the /api endpoint. The /api endpoint is publicly available with the default configuration...

CVE-2025-0137 PAN-OS: Improper Neutralization of Input in the Management Web Interface

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the...

Palo Alto Networks PAN-OS 10.1.x < 10.1.14-h9 / 10.2.x < 10.2.7-h24 / 11.1.x < 11.1.6-h1 / 11.2.x < 11.2.4-h4 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.14-h9 or 10.2.x prior to 10.2.7-h24 or 11.1.x prior to 11.1.6-h1 or 11.2.x prior to 11.2.4-h4. It is, therefore, affected by a vulnerability. An unauthenticated file deletion vulnerability in the Palo Alto...

About Authentication Bypass – PAN-OS (CVE-2024-0012) vulnerability

About Authentication Bypass - PAN-OS CVE-2024-0012 vulnerability. An unauthenticated attacker with network access to the Palo Alto device web management interface could gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other...