8102 matches found
Giga Messenger WordPress - Cross-Site Scripting
Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...
CVE-2026-49284
The CVE affects SimpleSAMLphp SP: the ACS path permits a response from an unexpected IdP when an unsigned Response/InResponseTo combines with a signed assertion lacking SubjectConfirmationData/InResponseTo. A response from IdP B can be bound to SP state created for IdP A, allowing bypass of IdP-s...
CVE-2026-49835
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.1.0, the global wrapMetrics middleware records raw HTTP request path r.URL.Path and raw HTTP request method r.Method as Prometheus labels for latency and request count metric vectors before routing, allowing an...
CVE-2026-45309
CVE-2026-45309 affects AsyncSSH prior to 2.23.0. Root cause: the OpenSSH-style token %u in AuthorizedKeysFile was expanded from the remote username without rejecting path separators or .. segments, letting a username such as with traversal characters read an attacker-controlled authorized-keys fi...
CVE-2026-16017
A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. Impacted is the function list/remove of the file tools/toolcron.go of the component cron Chat Tool. The manipulation results in missing authorization. The attack may be performed from remote. The exploit has been released to the...
CVE-2026-12705 Integrity mechanism of KNX-device FW-files can be bypassed in ABB Update Tool
Missing support for integrity check vulnerability in ABB KNX Update Tool ABB, ABB KNX Update Tool BJE. This issue affects KNX Update Tool ABB: through 2.0.175; KNX Update Tool BJE: through 2.0.175...
CVE-2026-62764
Improper Handling of Insufficient Privileges vulnerability in Apache Accumulo. An authenticated, but low-privileged user without system permissions may issue a remote command to gracefully shutdown system components compaction-coordinator, compactor, gc, manager, monitor, tserver, or sserver,...
CVE-2026-43977
wger is a free, open-source workout and fitness manager. In versions prior to 2.6, any authenticated user can read another user's private workout session notes, exercise history, and training statistics by calling the /logs/ and /stats/ actions on a routine they do not own. The vulnerability exis...
CVE-2026-43978 wger: Privilege escalation via trainer-login session chaining allows gym trainers to impersonate gym managers
wger is a free, open-source workout and fitness manager. In versions prior to 2.6, a gym trainer can escalate their session to any higher-privileged account gym manager, general manager by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a...
CVE-2026-62309
CoreDNS is a DNS server written in Go. Prior to 1.14.4, a single 28-byte UDP datagram can crash the CoreDNS process when the proxyproto plugin is enabled because plugin/pkg/proxyproto/proxyproto.go PacketConn.ReadFrom handles a PROXY v2 header with non-UDP transport such as family byte 0x11,...
CVE-2026-44982
CVE-2026-44982 affects CrowdSec AppSec. The bug in pkg/appsec/request.go NewParsedRequestFromRequest reads the body using max(r.ContentLength, 0), causing HTTP/1.1 chunked and HTTP/2 without Content-Length to appear with an empty body, bypassing body-inspection rules (REQUEST_BODY, BODY_ARGS, ARG...
CVE-2026-53598
Prompty is a markdown file format .prompty for LLM prompts. Prior to 2.0.0-beta.2, Prompty loaders expanded $file:... references in .prompty frontmatter without enforcing that resolved paths stayed within the prompt directory or allowed roots, allowing an attacker-controlled prompt file to read...
CVE-2026-53598
The CVE-2026-53598 issue affects Prompty (.prompty) loaders that expanded ${file:...} references in frontmatter before 2.0.0-beta.2, allowing an attacker-controlled prompt to read local files via absolute paths, .. traversal, or symlink escapes. Root cause: path confinement was not enforced durin...
ROOT-APP-MAVEN-CVE-2026-45367 CVE-2026-45367 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 - Patched by Root
Root has patched CVE-2026-45367 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 package for Root:Maven. Multiple fixed versions available...
CVE-2026-55445 Qinglong: Incomplete fix for CVE-2026-3965: Improper Authentication
Qinglong is a timed task management platform supporting Python3, JavaScript, Shell, and Typescript. Prior to 2.20.1, the init guard middleware in back/loaders/express.ts checks /api/user/init but not /open/user/init, while rewrite'/open/', '/api/$1' rewrites the whitelisted /open/ path after JWT...
CVE-2026-45533
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase export-center deletion can accept path traversal sequences such as ../ in the bulk delete API endpoint and pass attacker-controlled identifiers to ExportCenterManage.delete, allowing recursive deletion of...
CVE-2026-45417
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase datasource connection status checks concatenate configuration.getSchema into getTablesSql and execute the resulting SQL with executeQuery in io.dataease.datasource.provider.CalciteProvidercheckStatus,...
CVE-2026-45320
DataEase (open source data visualization/analysis tool) is affected by an SQL injection in dashboard variables. Prior to version 2.10.23, dashboard SQL variables (e.g., ${deptId}) are processed by SqlparserUtils.transFilter(), whose final branch returns raw user input for non-in and non-between o...
CVE-2026-59955
Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under...
CVE-2025-32781 Apollo: Apollo Portal release endpoint allows cross-application configuration disclosure via releaseId
Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.0, Apollo Portal does not verify application and namespace permissions when an authenticated user requests a release by ID through GET /envs/env/releases/releaseId while...