16812 matches found
GHSA-9CGQ-WP42-4RPQ Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the web interface when canceling scheduled auto-merges. An attacker can terminate auto-merges scheduled by other users by leveraging read access to pull requests. Remediation Upgrade...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the web interface when canceling scheduled auto-merges. An attacker can terminate auto-merges scheduled by other users by leveraging read access to pull requests. Remediation Upgrade...
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users...
ALGO 8180 IP Audio Alerter: Operating System Command Injection Vulnerability
ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a vulnerability related to operating system command injection. This vulnerability stems from the lack of validation for user input strings in the web-based interface, which may lead to...
ALGO 8180 IP Audio Alerter: Operating System Command Injection Vulnerability
ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a vulnerability related to operating system command injection. This vulnerability stems from the lack of validation for user input strings in the web-based interface, which may lead to...
ALGO 8180 IP Audio Alerter security vulnerability
ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a security vulnerability; this vulnerability stems from the web-based user interface, which allows direct requests for URLs, potentially leading to information leakage...
ALGO 8180 IP Audio Alerter: Operating System Command Injection Vulnerability
ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a vulnerability related to operating system command injection. This vulnerability stems from the lack of validation for user input strings in the web-based interface, which may lead to...
ALGO 8180 IP Audio Alerter information leakage vulnerability
ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a vulnerability related to information leakage. This vulnerability stems from the lack of management for sensitive information in the web-based user interface, which may lead to informati...
ALGO 8180 IP Audio Alerter: Operating System Command Injection Vulnerability
ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a vulnerability related to operating system command injection. This vulnerability stems from the lack of validation for user input strings in the web-based interface, which may lead to...
ALGO 8180 IP Audio Alerter: Operating System Command Injection Vulnerability
ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a vulnerability related to operating system command injection. This vulnerability stems from the lack of validation for user input strings in the web-based interface, which may lead to...
ALGO 8180 IP Audio Alerter: Operating System Command Injection Vulnerability
ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a vulnerability related to operating system command injection. This vulnerability stems from the lack of validation for user input strings in the web-based interface, which may lead to...
ALGO 8180 IP Audio Alerter: Operating System Command Injection Vulnerability
ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a vulnerability related to operating system command injection. This vulnerability stems from the lack of validation for user input strings in the web-based interface, which may lead to...
CVE-2026-20888
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users...
CVE-2026-20888
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users...
CVE-2026-20888
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users...
CVE-2026-20888
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users...
CVE-2026-20055
Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise Packaged CCE and Cisco Unified Contact Center Enterprise Unified CCE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-base...
Vulnerabilities fixed in Cisco Unified Communications products
Cisco has fixed vulnerabilities in several Cisco Unified Communications products. The vulnerabilities include a critical vulnerability that allows unauthenticated remote attackers to execute arbitrary commands on the device's operating system. This is due to improper validation of user input in...
CVE-2026-23963 Mastodon missing length limits on list names, filter names, and filter keywords
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, the server does not enforce a maximum length for the names of lists or filters, or for filter keywords, allowing any user to set an arbitrarily long string as the name or...