164408 matches found
CVE-2026-20153
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...
CVE-2026-45793
CVE-2026-45793 affects Composer (PHP dependency manager). Prior to 1.10.28, 2.2.28, and 2.9.8, Composer\IO\BaseIO::loadConfiguration() validated GitHub tokens with ^[.A-Za-z0-9_]+$ and interpolated rejected tokens into an UnexpectedValueException. GitHub Actions GITHUB_TOKEN values formatted as g...
CVE-2026-45793 Composer: Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
Composer is a dependency Manager for the PHP language. Prior to 1.10.28, 2.2.28, and 2.9.8, Composer\IO\BaseIO::loadConfiguration validates GitHub OAuth tokens with the regex ^.A-Za-z0-9+$ and interpolates rejected tokens into an UnexpectedValueException; GitHub Actions GITHUBTOKEN values using t...
CVE-2026-20153 Cisco RoomOS Security Hardening Release - Input Validation Vulnerabilities
As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...
CVE-2026-20153
Technical details (affected products/versions, root cause, impact, fixes) are not provided in the supplied documents. Monitor Cisco Security Advisory and CVE entry for updates.
CVE-2026-47159 Vaultwarden: Authentication Flow Information Disclosure in SSO Discovery Allows Organization Enumeration and Pre-Validation Token Exposure
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's SSO discovery and pre-validation flow returned organization-related SSO metadata including organizationIdentifier values for arbitrary email addresses and allowed a valid pre-validation JWT to be obtained...
CVE-2026-47159
Vaultwarden (Rust) prior to 1.36.0 is affected by CVE-2026-47159, where the SSO discovery and pre-validation flow exposed organization-related SSO metadata, including organizationIdentifier values for arbitrary email addresses, and allowed obtaining a valid pre-validation JWT with only the discov...
CVE-2026-15779
Summary: CVE-2026-15779 concerns Samba’s pam_winbind when mkhomedir is enabled. pam_winbind chowns the target account’s home directory without validating that the path is not a critical system directory like “/”. On systems where / is a user home (a common default for system accounts), this can b...
CVE-2026-61451
The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...
CVE-2026-56349
n8n before version 2.10.0 contains an input validation vulnerability in the Guardrail node that allows attackers to bypass default guardrail instructions. End users can craft malicious inputs to circumvent guardrail protections and compromise workflow integrity...
The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.
The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...
CVE-2026-61451 Grav before 1.0.4 Password Reset Token Poisoning via admin_base_url
The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...
EUVD-2026-44648
The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...
EUVD-2026-44643
PraisonAI before 4.6.78 contains a remote code execution vulnerability in JobWorkflowExecutor.execinlinepython due to insufficient AST validation of workflow script steps. Attackers can create malicious YAML workflow files with import os statements followed by os.system calls that bypass sandbox...
EUVD-2026-44638
PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport without authentication by default: the CLI --api-key option defaults to None, and the server only enforces Authorization/Bearer checks when an API key is configured. When an operator runs 'praisonai mcp serve --transport http-stream'...
CVE-2026-56400 open-webui - Remote Code Execution via CORS Misconfiguration and Session Validation
open-webui before 0.3.14 contains a cross-origin resource sharing misconfiguration allowing arbitrary origins with alloworigins= and authenticated requests to the /api/v1/functions endpoint. Attackers can execute arbitrary code on the openwebui instance by crafting malicious cross-site requests...
CVE-2026-56349 n8n - Guardrail Node Bypass via Crafted Input
n8n before version 2.10.0 contains an input validation vulnerability in the Guardrail node that allows attackers to bypass default guardrail instructions. End users can craft malicious inputs to circumvent guardrail protections and compromise workflow integrity...
EUVD-2026-44624
n8n before version 2.10.0 contains an input validation vulnerability in the Guardrail node that allows attackers to bypass default guardrail instructions. End users can craft malicious inputs to circumvent guardrail protections and compromise workflow integrity...
CVE-2026-14251
A flaw was found in the OpenShift GitOps operator. The ClusterRole reconciler does not validate resource ownership when reconciling ClusterRole objects. A namespace-scoped Argo CD instance can trigger deletion of a ClusterRole owned by a cluster-scoped Argo CD instance by crafting a name collisio...
Avid NEXIS Agent - Arbitrary File Read
Avid NEXIS E-series, F-series, PRO+, and System Director Appliance SDA+ before 2025.5.1 contain an unauthenticated arbitrary file read caused by improper validation of the filename parameter, letting unauthenticated attackers read sensitive files, exploit requires no authentication. id:...