12 matches found
CVE-2026-44825
Hardcoded credentials in the Basic Authentication setup tool bin/solr auth enable in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specifi...
CVE-2026-44825
Summary (CVE-2026-44825): Apache Solr’s Basic Authentication bootstrap tool (bin/solr auth enable) contains hardcoded credentials, enabling remote attackers to gain full administrative access for Solr clusters running versions 9.4.0–9.10.1 and 10.0.0. The root cause is the inclusion of default c...
CLEANSTART-2026-AX33738 Security fixes for CVE-2025-54410, CVE-2026-32952, CVE-2026-33186, CVE-2026-40179, CVE-2026-42151, CVE-2026-42154, ghsa-4vq8-7jfc-9cvp, ghsa-8rm2-7qqf-34qm, ghsa-fw8g-cg8f-9j28, ghsa-p77j-4mvh-x3m3, ghsa-pjcq-xvwq-hhpj, ghsa-vffh-x6r8-xx99, ghsa-wg65-39gg-5wfj applied in versions: 8.18.1-r0, 9.1.10-r0, 9.4.0-r1
Multiple security vulnerabilities affect the elastic-beats package. These issues are resolved in later releases. See references for individual vulnerability details...
Information Disclosure in Confluence Data Center
This High severity Information Disclosure vulnerability was introduced in versions 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Drupal Code Issue Vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Monster Menus prior to version 9.3.4, versions 9.4.0 through 9.4.2, which stems from the inclusion of an untrusted data deserialization vulnerability...
Drupal Monster Menus module < 9.3.4,9.4.0-9.4.1 - Unauthenticated Remote Code Execution (RCE) vulnerability
Unauthenticated Remote Code Execution (RCE) vulnerability discovered by Drew Webber in WordPress Module Monster Menus versions 9.3.4,9.4.0-9.4.1...
Atlassian Jira Service Management Data Center and Server < 5.4.21 / 5.12.x < 5.12.8 / 5.15.x < 5.16.0 (JSDSERVER-15309)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15309 advisory. - This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, an...
Atlassian JIRA Data Center Security Vulnerability
Atlassian JIRA Data Center is the data center version of Atlassian JIRA from Atlassian Australia. A security vulnerability exists in Atlassian JIRA Data Center versions 9.4.0, 9.12.0, and 9.15.0. An attacker could view sensitive information by exploiting the vulnerability...
CVE-2024-25953
Dell PowerScale OneFS is vulnerable to a local symbolic link (symlink) following issue in versions 9.4.0.x–9.7.0.x. Root cause: tracking/handling of UNIX symbolic links allows a highly privileged, local attacker to tamper with data (integrity) and cause DoS (availability). Impact per sources...
UBUNTU-CVE-2023-34244
GLPI is a free asset and IT management software package. Starting in version 9.4.0 and prior to version 10.0.8, a malicious link can be crafted by an unauthenticated user that can exploit a reflected XSS in case any authenticated user opens the crafted link. Users should upgrade to version 10.0.8...
Fortinet FortiNAC Security Vulnerability
Fortinet FortiNAC is a zero-trust access solution from Fortinet, Inc. A security vulnerability exists in Fortinet FortiNAC versions 9.4.0 through 9.4.1, prior to 9.2.6, which stems from improper authorization...
PT-2023-9269 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 9.4.0 through 10.0.5 Description: The issue is related to Cross-site Scripting (XSS) due to improper neutralization of input data during web page generation. An attacker can exploit this by persuading a victim to open a URL...