592 matches found
CVE-2026-3209 fosrl Pangolin Role verifyApiKeyRoleAccess access control
A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to...
Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url
Impact Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986, protocol-relative URLs e.g. //evil.com/path are treated as network-path references that override the base URL's host/authority...
BIT-GHOST-2026-24778 Ghost vulnerable to XSS via malicious Portal preview links
Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially...
📄 Pragyan CMS 3.0 Blind SQL Injection
A critical blind SQL injection vulnerability exists in Pragyan CMS version 3.0 and earlier, affecting the main index endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older research...
CVE-2026-24687
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
CVE-2026-24414 Icinga for Windows certificate can have too-open permissions
The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for Windows certificate directory grant every user read access, which results in...
PT-2026-5210
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.5.4 Discourse versions prior to 2025.11.2 Discourse versions prior to 2025.12.1 Discourse versions prior to 2026.1.0 Description Discourse is an open source discussion platform. Moderators may be able to convert...
Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL
Summary /api/v1/index/retrieve supports retrieving a public key via a user-provided URL, allowing attackers to trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the calle...
Rekor's COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message
Summary Rekor’s cose v0.0.1 entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message. validate returns nil success when message is empty, leaving sign1Msg uninitialized, and Canonicalize later dereferences v.sign1Msg.Payload. Impa...
Moonraker affected by LDAP search filter injection
Impact Instances of Moonraker configured with the ldap component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover...
EUVD-2026-3318
Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion...
CVE-2026-23522
LobeChat is an open source chat application platform. Prior to version 2.0.0-next.193, knowledgeBase.removeFilesFromKnowledgeBase tRPC ep allows authenticated users to delete files from any knowledge base without verifying ownership. userId filter in the database query is commented out, so it's...
CVE-2026-23522
LobeChat is an open source chat application platform. Prior to version 2.0.0-next.193, knowledgeBase.removeFilesFromKnowledgeBase tRPC ep allows authenticated users to delete files from any knowledge base without verifying ownership. userId filter in the database query is commented out, so it's...
PT-2026-3475
Name of the Vulnerable Software and Affected Versions ESPHome versions 2025.9.0 through 2025.12.6 Description ESPHome is a system for remote microcontroller control via Home Automation systems. An integer overflow in the API component’s protobuf decoder can lead to denial-of-service attacks when...
GHSA-67RJ-PJG6-PQ59 Jervis Has a SHA-256 Hex String Padding Bug
Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL622-L626 padLeft32, '0' should be padLeft64, '0'. SHA-256 produces 32 bytes = 64 hex characters. Impact Inconsistent hash lengths when leadi...
GHSA-XF94-H87H-G9WR QuestDB UI's Web Console is Vulnerable to Cross-Site Scripting
A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading t...
CVE-2022-35916
OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, CrossChainEnabledArbitrumL2 or LibArbitrumL2, will classify direct interactions of externally owned accounts EOAs as cross chain calls, even though they are not...
Shakapacker has environment variable leak via EnvironmentPlugin that exposes secrets to client-side bundles
Summary Since 2017, the default webpack plugins have passed the entire process.env to EnvironmentPlugin. This pattern exposed ALL build environment variables to client-side JavaScript bundles whenever application code or any dependency referenced process.env.VARIABLENAME. This is not a regression...
SUSE CVE-2025-68113
ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to...
GHSA-6GVQ-JCMP-8959 ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
Impact A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to reinterpret a valid proof-of-work submission with a modifi...