11 matches found
axonflow-sdk-go: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification
Summary: The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004637)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004637 advisory. In the Linux kernel 5.5.0 and newer, the bpf verifier kernel/bpf/verifier.c did not properly restrict the register bounds for 32-bit operations, leading to...
CVE-2024-9676 affecting package podman for versions less than 5.6.1-2
CVE-2024-9676 affecting package podman for versions less than 5.6.1-2. An upgraded version of the package is available that resolves this issue...
CVE-2025-57758
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying...
CVE-2023-28121
An issue in WooCommerce Payments plugin for WordPress versions 5.6.1 and lower allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the...
CVE-2024-2422
LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands...
CVE-2024-2422 LenelS2 NetBox Improper Neutralization of Argumented Delimiters
LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands...
CVE-2024-3926
The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customattributes value in widgets in all versions up to, and including, 5.6.1 due to insufficient input sanitization...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2016-06214)
Adobe Experience Manager is an enterprise content management solution that helps you streamline the management and delivery of your content and assets. A cross-site scripting vulnerability exists in Adobe Experience Manager 5.6.1, 6.0, 6.1, which can be exploited by remote attackers to inject...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2016-06216)
Adobe Experience Manager is an enterprise content management solution that helps you streamline the management and delivery of your content and assets. A cross-site scripting vulnerability exists in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2, which can be exploited by remote attackers to...
Adobe Experience Manager (AEM) Multiple Vulnerabilities (APSB16-05) - Active Check
Adobe Experience Manager (AEM) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...