EUVD-2026-37027

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM Comment tags. An attacker cou...

EUVD-2026-36862

Subscriber Privilege Escalation in Amelia = 2.3 versions...

CVE-2026-12197

The CVE-2026-12197 affects Ruijie EG105G-P (firmware 2.340). The issue resides in the nslookup function of /cgi-bin/luci/api/diagnose (JSON-RPC Diagnose Endpoint), where manipulating the params.target argument leads to command injection. It enables remote initiation of an attack, with an exploit ...

CVE-2026-49051

Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: from n/a through 2.3.6...

CVE-2026-45748 Termix Vulnerable to Remote Code Execution via SSH Tunnel Forward Command Injection

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The POST /ssh/tunnel/connect endpoint in Termix prior to version 2.3.2 builds an SSH tunnel command by interpolating user-controlled host record fields endpointIP, endpointUsername,...

EUVD-2026-34873

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command...

CVE-2026-45743 Termix has a File-Manager Session Hijack via Missing Ownership Check (IDOR)

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by sessionId. An authenticated attacker who knows or...

PT-2026-47022

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description The File Manager component of this web-based server management platform contains a command injection flaw. The endpoint "/ssh/file manager/ssh/resolvePath" unsafely processes the path parameter,...

Termix 安全漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.3.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification by 16 file manager endpoints to ensure that the requesting user had an SSH session...

CVE-2025-53345

Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3...

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor 2.362.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the SAML service provider’s failure to validate the...

CVE-2026-46620

e107 is a content management system CMS. Prior to 2.3.5, e107 CMS does not properly enforce CSRF token validation on comment moderation actions. The problem comes down to how sessionhandler::check handles CSRF tokens. Instead of requiring a token on every state-changing request, it only validates...

Linux Distros Unpatched Vulnerability : CVE-2026-42783

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - rust-sequoia-openpgp - None Ubuntu Linux - openpgp: Don't imply missing key flags from key type CVE-2026-42783 Note that Nessus relies on the...

EUVD-2026-28861

Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting XSS vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browser wi...

GHSA-XV9C-MJW8-79GF Sidekiq-cron is vulnerable to a cross-site scripting (xss) vulnerability via crafted URL

Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for Sidekiq, is vulnerable to a cross-site scripting xss vulnerability via crafted URL being rended from cron.erb...

CVE-2026-42220

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret...

WordPress Anti-Spam Protection – No API Key, GDPR Friendly plugin <= 2.3.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Anti-Spam by Fullworks : GDPR Compliant Spam Protection versions = 2.3.7...

OPENSUSE-SU-2026:20658-1 Security update for himmelblau

This update for himmelblau fixes the following issues: Update to version 2.3.9+git0.a9fd29b. Security issues fixed: - CVE-2026-34397: Fixed naming collision that can lead to local privilege escalation bsc1261324. Other updates and bugfixes: - update aws-lc-sys to 0.39.0 for security fixes - updat...

CVE-2026-38935

A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...

CVE-2026-38934

CVE-2026-38934 affects diskoverdata diskover-community v2.3.5 and earlier. The issue is a Cross-Site Request Forgery vulnerability in public/settings_process.php that permits a remote attacker to escalate privileges and access sensitive information. The CVE details provide a high-severity impact ...