1824 matches found
MINI-297Q-JW2C-WVP9
Bulletin has no description...
External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request Forgery
WordPress External Media without Import plugin through 1.1.2 is susceptible to authenticated blind server-side request forgery. The plugin has no authorization and does not ensure that media added via URLs are external media, which can allow any authenticated users, including subscribers, to obta...
CVE-2026-44454
Coder is vulnerable to command injection in the dotfiles registry module, exploitable via crafted dotfiles_uri values and the mode=auto workflow. Root cause: unsanitized user input interpolated into shell commands, enabling arbitrary code execution inside a provisioned workspace, especially when ...
EUVD-2026-42074
The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings,...
EUVD-2026-42069
An improper access check allows privileged users to overwrite media files without editing permissions...
DEBIAN-CVE-2026-33630
Bulletin has no description...
CVE-2026-8926
A flaw was found in curl. When curl is configured to use a .netrc file for credentials and a URL is provided with a username but no password, curl may incorrectly retrieve and use the password for a different user from the .netrc file for the same host. This could lead to unauthorized information...
DEBIAN-CVE-2026-55380
Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...
BIT-TOMCAT-2026-53434 Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector
Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version 11.0.23,...
DEBIAN-CVE-2026-58213
Bulletin has no description...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the repository feed endpoints. An attacker can access private repository commit data by using API tokens that lack the required repository scope. Remediation Upgrade github.com/go-gitea/gitea/routers/web/feed...
MINI-7C59-4PMJ-GM2V
Bulletin has no description...
MINI-WXWC-J2R5-857G
Bulletin has no description...
MINI-35VF-RF4X-8FFV
Bulletin has no description...
ECHO-496E-C070-4EC0
Bulletin has no description...
MINI-RR87-XCRX-GM2X
Bulletin has no description...
CGA-67PX-Q2R2-V28W
Bulletin has no description...
EUVD-2026-41255
The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users after self-registering an account through the open registration flow to obtain an active subscription on any paid...
MINI-FMP6-8VGX-3W55
Bulletin has no description...
Allocation of Resources Without Limits or Throttling
Overview github.com/elastic/fleet-server/internal/pkg/api is a control server to manage a fleet of elastic-agents. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the upload endpoint. An attacker can exhaust system memory by submitting...