52493 matches found
EUVD-2026-24963
chmod: --preserve-root bypassed by any path that resolves to root e.g. /../...
CVE-2026-8699
A stored Cross-Site Scripting XSS vulnerability has been identified in the web-based management interface of Archer C5 v6.8 routers, due to insufficient server-side validation and lack of proper output encoding of user-controlled input in a certain field. An attacker with administrative privilege...
CVE-2026-57997 Strapi users-permissions - JWT Algorithm Confusion via Missing Algorithm Configuration
Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS256. Attackers possessing the jwtSecret can mint tokens with non-standard HMAC variants to bypass...
CVE-2026-57997 Strapi users-permissions - JWT Algorithm Confusion via Missing Algorithm Configuration
Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS256. Attackers possessing the jwtSecret can mint tokens with non-standard HMAC variants to bypass...
CVE-2026-52921 netfilter: ipset: stop hash:* range iteration at end
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: stop hash: range iteration at end The following hash set variants: hash:ip,mark hash:ip,port hash:ip,port,ip hash:ip,port,net iterate IPv4 ranges with a 32-bit iterator. The iterator must stop once the last...
CVE-2026-52921
CVE-2026-52921 : In the Linux kernel, netfilter ipset hash:* range iteration could continue past the upper bound when iterating IPv4 ranges, due to a 32-bit iterator not stopping at the end. This allowed traversal state to move past the requested boundary and potentially affect retries. The issue...
CVE-2026-53622 Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake...
CVE-2026-53622
CVE-2026-53622 concerns Traefik’s HTTP/3 (QUIC) TLS configuration selection. When HTTP/3 is enabled, the TLS handshake uses an exact, case-sensitive lookup of the SNI to choose a TLS config, which fails to match wildcard hosts or mixed-case hostnames. If a router enforces mTLS via TLSOptions and ...
CVE-2026-47203 Authelia Missing Username Canonicalization in Basic Auth (LDAP)
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on SSO for applications via a web portal. In versions 4.38.0 through 4.39.19, when a user authenticates via Basic Auth i.e via the Authorization header with the Basic scheme on t...
Malicious code in speed4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0766e347295e7a13e0604a89de30f662a24b690598f1e4b01edaac5400178347 [email protected] is not a functional Node package. package.json declares main: sw.js, but sw.js is a browser ServiceWorker importScripts'./8cfc2/hgshm.js...
PT-2026-50145
Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.14 Description Deno's permission system on macOS enforces filesystem and execution restrictions by comparing requested paths against those supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. The...
SUSE CVE-2026-42768
Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...
PT-2026-49067
Name of the Vulnerable Software and Affected Versions File Browser affected versions not specified Description File Browser fails to properly validate symbolic links, allowing scoped users or unauthenticated public-share recipients to access files outside their intended directory boundaries. Whil...
Joern 4.0.556
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
Linux Distros Unpatched Vulnerability : CVE-2026-42768
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME...
EUVD-2026-35485
Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...
CVE-2026-42768
Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...
CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...
CVE-2026-42768
Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...
EUVD-2025-210083
A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions, SIPROTEC 5 6MD85 CP200 All versions, SIPROTEC 5 6MD85 CP300 All versions, SIPROTEC 5 6MD86 CP200 All versions, SIPROTEC 5 6MD86 CP300 All versions, SIPROTEC 5 6MD89 CP300 All versions, SIPROTEC 5 6MU85 CP300 All versions,...