🚨 CVE-2026-39006
An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component.
@cveNotify
GitHub
security-advisories/CVE-2026-39006.md at main · EaEa0001/security-advisories
🚨 CVE-2026-39007
An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component.
GitHub
Vulnerability_Publications/CVE-2026-39007 at main · Kettn/Vulnerability_Publications
This repository contains information on the CVE's I've found. - Kettn/Vulnerability_Publications
🚨 CVE-2026-39118
An issue in Iru, Inc Kandji Agent before v.4.7.5(5374) allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality.
Iru
Kandji Agent Release 4.7.5 (5374)
This release includes miscellaneous bug fixes and performance improvements.
🚨 CVE-2026-39197
An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to cause a Denial of Service (DoS) via a crafted request or payload.
Gist
Reference for CVE-2026-39197
🚨 CVE-2026-48114
Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert() builds an INSERT against HARVEST_SITE_SCHEDULE via string concatenation, using a quoteString() helper that performs raw single-quote wrapping without escaping. Three request parameters reach the sink: unit, contactEmail, and documentListURL. The servlet does not verify a real LDAP identity, allowing the vulnerable insert to proceed. Since the PostgreSQL backend permits stacked queries via Statement.executeUpdate(), this vulnerability allows full read/write/execute access in the Metacat database context. The vulnerability was remediated in Metacat 3.0.0.
GitHub
Removed the harvester client for LTER. · NCEAS/metacat@820d595
🚨 CVE-2026-50870
An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request.
Gist
Reference for CVE-2026-50870
🚨 CVE-2026-50871
An OS command injection vulnerability in the media archiving and export pipeline component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input.
Gist
Reference for CVE-2026-50871
🚨 CVE-2026-50872
An issue in the loopback request handling component of fossar selfoss v2.20-SNAPSHOT allows attackers to execute arbitrary commands and obtain sensitive information via supplying a crafted HTTP request.
Gist
Reference for CVE-2026-50872
🚨 CVE-2026-50873
An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file.
Gist
Reference for CVE-2026-50873
🚨 CVE-2026-50874
An OS command injection vulnerability in the /manage/features/media component of kanishka-linux Reminiscence v0.3.0 allows attackers to execute arbitrary commands via supplying a crafted input.
Gist
Reference for CVE-2026-50874
🚨 CVE-2026-50875
Incorrect access control in the /{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request.
Gist
Reference for CVE-2026-50875
🚨 CVE-2026-50876
A cross-site scripting (XSS) vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Gist
Reference for CVE-2026-50876
🚨 CVE-2026-50877
An issue in Zhoros SuperBin v1.0.0 allows attackers to execute a directory traversal via supplying files with names containing traversal characters.
Gist
Reference for CVE-2026-50877
🚨 CVE-2026-50880
An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request.
Gist
Reference for CVE-2026-50880
🚨 CVE-2026-50881
Incorrect access control in impworks Bonsai v6.0 allows authenticated attackers with Editor privileges to escalate privileges to Administrator and execute unauthorized account, password, and configuration changes.
Gist
Reference for CVE-2026-50881
🚨 CVE-2026-50882
An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
Gist
Reference for CVE-2026-50882
🚨 CVE-2026-50883
An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload.
Gist
Reference for CVE-2026-50883
🚨 CVE-2026-50884
Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components.
Gist
Reference for CVE-2026-50884
🚨 CVE-2026-50885
Incorrect access control in the share-based read endpoints of Sismics Docs (Teedy) v1.11 allows unauthorized attackers to access sensitive endpoints via a crafted request.
Gist
Reference for CVE-2026-50885
🚨 CVE-2026-50886
Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request.
Gist
Reference for CVE-2026-50886
🚨 CVE-2026-50887
A Server-Side Request Forgery (SSRF) in the automatic short URL title resolution component of shlink v5.0.1 allows attackers to scan internal resources via supplying a crafted longUrl.
Gist
Reference for CVE-2026-50887