379 matches found
CVE-2026-25937 GLPI has a MFA bypass
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...
CVE-2026-25937 GLPI has a MFA bypass
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, a malicious actor with knowledge of a user's credentials can bypass MFA and steal their account. Version 11.0.6 fixes the issue...
CVE-2026-25936
GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue...
EulerOS Virtualization 2.12.1 : python-pip (EulerOS-SA-2026-1457)
According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests...
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2026-1544)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2026-1867 WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...
EUVD-2026-10710
@appium/support has a Zip Slip arbitrary file write in its ZIP extraction...
PT-2026-24585
🚨 CVE-2026-1867 The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting...
CVE-2026-30973
Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range platforms. Prior to 7.0.6, @appium/support contains a ZIP extraction implementation extractAllTo via ZipExtractor.extract with a path traversal Zip Slip check that is non-functional. The chec...
CVE-2026-28222
Wagtail CVE-2026-28222 is a stored XSS affecting TableBlock in StreamField. Prior to versions 6.3.8, 7.0.6, 7.2.3, and 7.3.1, an attacker with page creation/edit permissions could craft TableBlock class attributes that render arbitrary JavaScript when viewed by higher-privilege users. This is not...
CVE-2026-24114
An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Failure to validate pPortMapIndex may lead to buffer overflows when using strcpy...
CVE-2026-27452 ASN.1 TypeScript Library: Decoding an INTEGER could leak the underlying ArrayBuffer
ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules BER and Distinguished Encoding Rules DER. In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6...
CVE-2026-1769
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6. Consider upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software available on Xerox.com...
EUVD-2026-5635
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6. Consider upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software available on Xerox.com...
CVE-2026-1769
Xerox CentreWare Web on Windows is affected by a Stored XSS in CentreWare Web versions through 7.0.6. The vulnerability arises from improper neutralization of input during web page generation, allowing malicious scripts to be stored and potentially executed in the context of other users’ sessions...
UBUNTU-CVE-2026-23953
Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...
CVE-2025-67960
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through = 1.7.06...
CVE-2026-24061
creationtimestamp| type| source ---|---|--- 2026-01-21 08:01:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mcw7ecrteg25 2026-01-21 09:38:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcwers7abk2t 2026-01-21 12:18:21+00:00| seen|...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004011)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004011 advisory. In the Linux kernel before 5.0.6, there is a NULL pointer dereference in dropsysctltable in fs/proc/procsysctl.c, related to putlinks, aka CID-23da9588037e. Tenable...
CVE-2026-22036
Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...