Lucene search

1740 matches found

Snyk
added 2026/02/25 6:53 p.m. | 1 view

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the login process. An attacker can determine the existence of valid usernames by submitting login attempts and analyzing the differences in error messages returned by the system. Remediation Upgrade rucio-webui ...

CVSS 6.9 | AI score 6 | EPSS 0.00077
Exploits: 1 | References: 2

NVD
added 2026/02/24 10:16 p.m. | 5 views

CVE-2026-27593

Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid...

CVSS 9.3 | EPSS 0.00017
Exploits: 0 | References: 6

OSV
added 2026/02/24 9:9 p.m. | 3 views

GHSA-JXQ9-79VJ-RGVW Statamic is vulnerable to account takeover via password reset link injection

Impact An attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid account on the site, and the actual user must blindly click the link in their email even though they...

CVSS 9.3 | AI score 5.7 | EPSS 0.00017
Exploits: 0 | References: 8

Github Security Blog
added 2026/02/20 6:25 p.m. | 5 views

Static Web Server affected by timing-based username enumeration in Basic Authentication due to early response on invalid usernames

Summary A Timing-based username enumeration in Basic Authentication vulnerability due to early response on invalid usernames could allow attackers to identify valid users and focus their efforts on targeted brute-force or credential-stuffing attacks. Details SWS validates the provided username...

CVSS 5.3 | AI score 5.9 | EPSS 0.00025
Exploits: 1 | References: 4 | Affected Software: 1

OpenVAS
added 2026/02/20 12:0 a.m. | 5 views

Ubuntu: Security Advisory (USN-8050-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 5.5 | EPSS 0.00318
Exploits: 1 | References: 2

Redos
added 2026/02/20 12:0 a.m. | 5 views

ROS-20260220-73-0008

A vulnerability in the totalvalidblockcount function of the fs/f2fs/f2fs.h library of the Linux kernel is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 7.7 | EPSS 0.00105
Exploits: 0

Cvelist
added 2026/02/19 10:24 p.m. | 19 views

CVE-2026-26320 OpenClaw macOS deep link confirmation truncation can conceal executed agent message

OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links without an unattended key, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message, but executed the full...

CVSS 7.1 | EPSS 0.00011
Exploits: 0 | References: 3

OSV
added 2026/02/18 1:49 p.m. | 0 views

USN-8050-1 trafficserver vulnerability

Masakazu Kitajo discovered that Apache Traffic Server did not properly handle the Valid Host header field. An attacker could possibly use this issue to cause a denial of service (DoS)...

CVSS 7.5 | AI score 5.8 | EPSS 0.00318
Exploits: 1 | References: 2

Ubuntu
added 2026/02/18 1:49 p.m. | 5 views

USN-8050-1: Apache Traffic Server vulnerability

Masakazu Kitajo discovered that Apache Traffic Server did not properly handle the Valid Host header field. An attacker could possibly use this issue to cause a denial of service (DoS)...

CVSS 7.5 | AI score 5.6 | EPSS 0.00318
Exploits: 1

Positive Technologies
added 2026/02/18 12:0 a.m. | 4 views

PT-2026-20391

Not properly invalidated session vulnerability in Graylog Web Interface, version 2.2.3, due to incorrect management of session invalidation after new logins. The application generates a new 'sessionId' each time a user authenticates, but does not invalidate previously issued session identifiers,...

CVSS 9.3 | AI score 5.5 | EPSS 0.00074
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/14 12:0 a.m. | 3 views

PT-2026-8094

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The reported issue has been marked as rejected by NIST in the official CVE List, indicating it is not a valid or recognized vulnerability. No search results fro...

AI score 5.3
Exploits: 0 | References: 2

Snyk
added 2026/02/13 2:7 p.m. | 3 views

Malicious Package

Overview envoy1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 | AI score 5.5
Exploits: 0 | References: 2

NVD
added 2026/02/12 11:16 p.m. | 3 views

CVE-2019-25338

DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by...

CVSS 6.9 | EPSS 0.00048
Exploits: 1 | References: 4

Veracode
added 2026/02/12 5:5 a.m. | 4 views

Privilege Escalation

@cubejs-backend/server-core is vulnerable to Privilege Escalation. The vulnerability is due to improper authorization validation of specially crafted requests using a valid API token, which allows an attacker to escalate privileges beyond their intended access level...

CVSS 7.7 | AI score 5.5 | EPSS 0.00022
Exploits: 0 | References: 3 | Affected Software: 1

Debian CVE
added 2026/02/10 9:25 a.m. | 4 views

CVE-2026-23901

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

CVSS 2.5 | AI score 7.6 | EPSS 0.00009
Exploits: 0

Github Security Blog
added 2026/02/10 12:29 a.m. | 13 views

Cube Core is vulnerable to privilege escalation via a specially crafted request

Impact It is possible to make a specially crafted request with a valid API token that leads to privilege escalation. Affected Versions: >= 0.27.19 Mitigation: Upgrade to a patched version: - 1.5.13 and later regular release - 1.4.2 active LTS release - 1.0.14 end-of-life LTS release References Th...

CVSS 7.7 | AI score 5.5 | EPSS 0.00022
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/02/10 12:29 a.m. | 4 views

GHSA-V226-32C7-X2V7 Cube Core is vulnerable to privilege escalation via a specially crafted request

Impact It is possible to make a specially crafted request with a valid API token that leads to privilege escalation. Affected Versions: >= 0.27.19 Mitigation: Upgrade to a patched version: - 1.5.13 and later regular release - 1.4.2 active LTS release - 1.0.14 end-of-life LTS release References Th...

CVSS 7.7 | AI score 5.5 | EPSS 0.00022
Exploits: 0 | References: 3

Snyk
added 2026/02/10 12:22 a.m. | 2 views

Improper Handling of Case Sensitivity

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to improper handling of case sensitivity in the userPutHandler function. An attacker can gain unauthorized access to user accoun...

CVSS 5.4 | AI score 5.7 | EPSS 0.00017
Exploits: 1 | References: 2

Vulnrichment
added 2026/02/09 10:42 p.m. | 2 views

CVE-2026-25958 Cube privilege escalation via a specially crafted request

Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13, 1.4.2, and 1.0.14...

CVSS 7.7 | AI score 5.5 | EPSS 0.00022
Exploits: 0 | References: 1

CVE
added 2026/02/09 10:42 p.m. | 9 views

CVE-2026-25958

Cube (semantic layer) versions 0.27.19 up to before 1.5.13, 1.4.2, and 1.0.14 are vulnerable to privilege escalation via a specially crafted request with a valid API token. The issue is fixed in 1.5.13, 1.4.2, and 1.0.14. CVSS v3.1 base score 7.7 (HIGH) with attack vector Network, attack complexi...

CVSS 7.7 | AI score 5.5 | EPSS 0.00022
Exploits: 0 | References: 1 | Affected Software: 1