2536 matches found
PT-2026-44507
Name of the Vulnerable Software and Affected Versions Oracle REST Data Services versions 24.2.0 through 26.1.0 Description An issue in the Core component allows a low privileged attacker with network access via HTTPS to compromise the system. Exploitation is difficult and requires human interacti...
PT-2026-43491
The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...
ROS-20260524-73-0006
A vulnerability in the JGSS component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is associated with a breach of the data protection mechanism. Exploitation of the vulnerability could allow a remote attacker to gain...
CVE-2026-8347
The CVE-2026-8347 entry affects Concrete CMS 9.5.0 and earlier, where the Express association Reorder dialog is vulnerable to IDOR and wrong-authorization-level handling, enabling cross-entity state tampering under view-only permissions. The issue is triggered by reliance on Express entity orderi...
CVE-2026-44409
There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure...
CVE-2026-44409
There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk of information disclosure...
CVE-2026-44409
Technical details about CVE-2026-44409 are not publicly available in the provided documents. No explicit affected versions, root cause specifics, exploit information, or mitigations are present. Monitor for updates from vendors and security feeds.
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The supported versions affected by this vulnerability include Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0....
Astra Linux – Vulnerability in glib2.0
A flaw was discovered in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability enables a local attacker to...
SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2026:1955-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1955-1 advisory. This update for java-180-openjdk fixes the following issues - CVE-2026-22007: APIs in the specified component can lead to an...
SUSE CVE-2026-44283
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...
CVE-2026-44283
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...
PT-2026-41199
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.11 Description The API endpoint '/api/v1/notes/note id' lacks proper authorization checks, allowing authenticated users to retrieve notes belonging to other users by guessing or enumerating note id UUIDs. This...
EUVD-2026-29362
Due to missing authorization check in SAP Strategic Enterprise Management Scorecard Wizard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and...
CVE-2026-40132
Due to missing authorization check in SAP Strategic Enterprise Management Scorecard Wizard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and...
GoJobs API 访问控制错误漏洞
The GoJobs API is a high-performance job platform REST API developed by Manav Mahesh Sanger. The GoJobs API has an access control vulnerability, which stems from the lack of authentication and authorization checks in the job retrieval endpoints. This vulnerability may allow unauthorized users to...
WordPress plugin Court Reservation – Manage Your Court Bookings Online SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Dell ECS 安全漏洞
Dell ECS is an enterprise-level object storage solution from the American company Dell. Versions 3.8.1.0 to 3.8.1.7 of Dell ECS, as well as versions prior to 4.3.0.0 of Dell ObjectScale, have security vulnerabilities. These vulnerabilities stem from a certification bypass in Geo replication, whic...
Important: java-17-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalV...
BIT-JRE-2023-22006
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle...