๐จ CVE-2026-48899
An improper access check allows privilege escalation through the com_users batch task.
๐@cveNotify
An improper access check allows privilege escalation through the com_users batch task.
๐@cveNotify
Joomla! Developer Networkโข
Joomla! Developer Network
The Flexible Platform Empowering Website Creators
๐จ CVE-2026-48900
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.
๐@cveNotify
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.
๐@cveNotify
Joomla! Developer Networkโข
Joomla! Developer Network
The Flexible Platform Empowering Website Creators
๐จ CVE-2026-48903
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
๐@cveNotify
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
๐@cveNotify
Joomla! Developer Networkโข
Joomla! Developer Network
The Flexible Platform Empowering Website Creators
๐จ CVE-2026-48904
An improper access check allows privelege escalation through the com_users group editing webservice endpoint.
๐@cveNotify
An improper access check allows privelege escalation through the com_users group editing webservice endpoint.
๐@cveNotify
Joomla! Developer Networkโข
Joomla! Developer Network
The Flexible Platform Empowering Website Creators
๐จ CVE-2026-48905
Lack of input filtering leads to an XSS vector in the HTML filter code.
๐@cveNotify
Lack of input filtering leads to an XSS vector in the HTML filter code.
๐@cveNotify
Joomla! Developer Networkโข
Joomla! Developer Network
The Flexible Platform Empowering Website Creators
๐จ CVE-2026-46745
Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP authentication until the provider can be updated.
๐@cveNotify
Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP authentication until the provider can be updated.
๐@cveNotify
GitHub
fix: the ldap authentication handler in the flask-ap... in override.py by orbisai0security ยท Pull Request #66417 ยท apache/airflow
Summary
Fix critical severity security issue in providers/fab/src/airflow/providers/fab/auth_manager/security_manager/override.py.
Vulnerability
Field
Value
ID
V-001
Severity
CRITICAL
Sc...
Fix critical severity security issue in providers/fab/src/airflow/providers/fab/auth_manager/security_manager/override.py.
Vulnerability
Field
Value
ID
V-001
Severity
CRITICAL
Sc...
๐จ CVE-2026-9078
Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This vulnerability was fixed in Firefox for iOS 151.1.
๐@cveNotify
Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This vulnerability was fixed in Firefox for iOS 151.1.
๐@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2029371. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
๐จ CVE-2026-42797
Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope.
An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related security-sensitive information.
This issue affects Apache Syncope: 3.0 through 3.0.16, 4.0 through 4.0.5, 4.1.0.
Users are recommended to upgrade to version 4.0.6 / 4.1.1, which fix this issue by further restricting the JEXL expression definition.
๐@cveNotify
Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope.
An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related security-sensitive information.
This issue affects Apache Syncope: 3.0 through 3.0.16, 4.0 through 4.0.5, 4.1.0.
Users are recommended to upgrade to version 4.0.6 / 4.1.1, which fix this issue by further restricting the JEXL expression definition.
๐@cveNotify
๐จ CVE-2026-38587
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information, such as the Owner's unique identifier (ID) and profile information, which should only be accessible to administrators.
๐@cveNotify
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information, such as the Owner's unique identifier (ID) and profile information, which should only be accessible to administrators.
๐@cveNotify
GitHub
DocSpace/CHANGELOG.md at master ยท ONLYOFFICE/DocSpace
ONLYOFFICE DocSpace is a room-based collaborative platform which allows organizing a clear file structure depending on users' needs or project goals. Flexible access permissions and user ro...
๐จ CVE-2026-48683
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in the NetFlow v9 data flowset processor. In src/netflow_plugin/netflow_v9_collector.cpp, the Data template branch (lines 1695-1702) iterates over flow records without performing a per-iteration bounds check against the packet end pointer. In contrast, the Options template branch (lines 1709-1719) correctly checks 'if (pkt + offset + field_template->total_length > packet_end)' before each iteration. The Data branch omits this check entirely. Since template definitions are sent by the network peer (and are unauthenticated UDP), an attacker can craft templates that cause the parser to read arbitrary memory past the packet buffer. This can leak sensitive memory contents or cause a crash.
๐@cveNotify
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in the NetFlow v9 data flowset processor. In src/netflow_plugin/netflow_v9_collector.cpp, the Data template branch (lines 1695-1702) iterates over flow records without performing a per-iteration bounds check against the packet end pointer. In contrast, the Options template branch (lines 1709-1719) correctly checks 'if (pkt + offset + field_template->total_length > packet_end)' before each iteration. The Data branch omits this check entirely. Since template definitions are sent by the network peer (and are unauthenticated UDP), an attacker can craft templates that cause the parser to read arbitrary memory past the packet buffer. This can leak sensitive memory contents or cause a crash.
๐@cveNotify
GitHub
GitHub - pavel-odintsov/fastnetmon: Very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support
Very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support - pavel-odintsov/fastnetmon
๐จ CVE-2026-48684
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the NetFlow v9 options template parser. In process_netflow_v9_options_template() (src/netflow_plugin/netflow_v9_collector.cpp), the scope parsing loop (lines 224-229) iterates until scopes_offset reaches the attacker-controlled option_scope_length value, reading netflow9_template_flowset_record_t structures at each step. No bounds check validates that (zone_address + scopes_offset + sizeof(record)) stays within the flowset. The same issue affects the options field loop (lines 241-257) with option_length. Furthermore, option_scope_length is not validated to be a multiple of sizeof(netflow9_template_flowset_record_t), potentially causing misaligned reads. An attacker can trigger reads past the end of the UDP packet buffer.
๐@cveNotify
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the NetFlow v9 options template parser. In process_netflow_v9_options_template() (src/netflow_plugin/netflow_v9_collector.cpp), the scope parsing loop (lines 224-229) iterates until scopes_offset reaches the attacker-controlled option_scope_length value, reading netflow9_template_flowset_record_t structures at each step. No bounds check validates that (zone_address + scopes_offset + sizeof(record)) stays within the flowset. The same issue affects the options field loop (lines 241-257) with option_length. Furthermore, option_scope_length is not validated to be a multiple of sizeof(netflow9_template_flowset_record_t), potentially causing misaligned reads. An attacker can trigger reads past the end of the UDP packet buffer.
๐@cveNotify
GitHub
GitHub - pavel-odintsov/fastnetmon: Very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support
Very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support - pavel-odintsov/fastnetmon
๐จ CVE-2026-48685
FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgp_protocol.hpp, the parse_raw_bgp_attribute() function correctly identifies when extended_length_bit is set and sets length_of_length_field to 2, but then reads only a single byte for the attribute value length (attribute_value_length = value[2] at line 173). Per RFC 4271 Section 4.3, when the Extended Length bit is set, the Attribute Length field is two octets and the value should be read as a 16-bit big-endian integer from value[2] and value[3]. As a result, any attribute longer than 255 bytes has its length silently truncated to the low byte (e.g., 300 bytes = 0x012C is read as 0x2C = 44 bytes). The remaining 256 bytes are then misinterpreted as subsequent attributes, causing cascading parse failures and potential out-of-bounds memory access.
๐@cveNotify
FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgp_protocol.hpp, the parse_raw_bgp_attribute() function correctly identifies when extended_length_bit is set and sets length_of_length_field to 2, but then reads only a single byte for the attribute value length (attribute_value_length = value[2] at line 173). Per RFC 4271 Section 4.3, when the Extended Length bit is set, the Attribute Length field is two octets and the value should be read as a 16-bit big-endian integer from value[2] and value[3]. As a result, any attribute longer than 255 bytes has its length silently truncated to the low byte (e.g., 300 bytes = 0x012C is read as 0x2C = 44 bytes). The remaining 256 bytes are then misinterpreted as subsequent attributes, causing cascading parse failures and potential out-of-bounds memory access.
๐@cveNotify
GitHub
GitHub - pavel-odintsov/fastnetmon: Very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support
Very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support - pavel-odintsov/fastnetmon
๐จ CVE-2025-43357
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to fingerprint the user.
๐@cveNotify
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to fingerprint the user.
๐@cveNotify
Apple Support
About the security content of iOS 26 and iPadOS 26 - Apple Support
This document describes the security content of iOS 26 and iPadOS 26.
๐จ CVE-2025-43403
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26. An app may be able to access sensitive user data.
๐@cveNotify
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26. An app may be able to access sensitive user data.
๐@cveNotify
Apple Support
About the security content of macOS Tahoe 26 - Apple Support
This document describes the security content of macOS Tahoe 26.
๐จ CVE-2025-46310
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26. An attacker with root privileges may be able to delete protected system files.
๐@cveNotify
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26. An attacker with root privileges may be able to delete protected system files.
๐@cveNotify
Apple Support
About the security content of macOS Tahoe 26 - Apple Support
This document describes the security content of macOS Tahoe 26.
๐จ CVE-2025-43289
A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access sensitive user data.
๐@cveNotify
A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access sensitive user data.
๐@cveNotify
Apple Support
About the security content of macOS Tahoe 26 - Apple Support
This document describes the security content of macOS Tahoe 26.
๐จ CVE-2025-43290
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system.
๐@cveNotify
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system.
๐@cveNotify
Apple Support
About the security content of macOS Tahoe 26 - Apple Support
This document describes the security content of macOS Tahoe 26.
๐จ CVE-2025-43306
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges.
๐@cveNotify
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges.
๐@cveNotify
Apple Support
About the security content of macOS Tahoe 26 - Apple Support
This document describes the security content of macOS Tahoe 26.
๐จ CVE-2026-8606
A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and measuring response timing, an attacker could infer the values of sensitive environment variables, including signing secrets and private keys. Exploitation required GitHub Packages to be enabled; on instances not running in private mode the vulnerability was exploitable without authentication, otherwise any authenticated user could exploit it. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21.1 and was fixed in versions 3.20.3, 3.19.7, 3.18.10, 3.17.16, and 3.16.19. This vulnerability was reported via the GitHub Bug Bounty program.
๐@cveNotify
A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and measuring response timing, an attacker could infer the values of sensitive environment variables, including signing secrets and private keys. Exploitation required GitHub Packages to be enabled; on instances not running in private mode the vulnerability was exploitable without authentication, otherwise any authenticated user could exploit it. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21.1 and was fixed in versions 3.20.3, 3.19.7, 3.18.10, 3.17.16, and 3.16.19. This vulnerability was reported via the GitHub Bug Bounty program.
๐@cveNotify
GitHub Docs
Release notes - GitHub Enterprise Server 3.16 Docs
Detailed information for all releases of the currently selected version of GitHub Enterprise Server.
๐จ CVE-2026-9312
A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting insufficient input validation in an upload endpoint. By injecting path traversal content into request parameters, an attacker could bypass the intended request flow and redirect internal API calls, potentially accessing internal services and exposing sensitive credentials. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in versions 3.16.20, 3.17.17, 3.18.11, 3.19.8, 3.20.4, and 3.21.1. This vulnerability was reported via the GitHub Bug Bounty program.
๐@cveNotify
A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting insufficient input validation in an upload endpoint. By injecting path traversal content into request parameters, an attacker could bypass the intended request flow and redirect internal API calls, potentially accessing internal services and exposing sensitive credentials. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in versions 3.16.20, 3.17.17, 3.18.11, 3.19.8, 3.20.4, and 3.21.1. This vulnerability was reported via the GitHub Bug Bounty program.
๐@cveNotify
GitHub Docs
Release notes - GitHub Enterprise Server 3.16 Docs
Detailed information for all releases of the currently selected version of GitHub Enterprise Server.
๐จ CVE-2026-9605
A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 8f03865f37f5d4ffd616fef802acc980be54d300. Applying a patch is the recommended action to fix this issue.
๐@cveNotify
A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 8f03865f37f5d4ffd616fef802acc980be54d300. Applying a patch is the recommended action to fix this issue.
๐@cveNotify
GitHub
CVE-Repos/libredwg/libredwg_6d6a339_heap_oob_write_read_2004_compressed_section.dwg at main ยท HackC0der/CVE-Repos
Contribute to HackC0der/CVE-Repos development by creating an account on GitHub.