π¨ CVE-2026-58520
URL redirection to untrusted site ('open redirect') vulnerability in The Wikimedia Foundation Mediawiki - UrlShortener Extension allows Cross-Site Flashing.
This issue affects Mediawiki - UrlShortener Extension: from * before 1.43.9, 1.44.6, 1.45.4.
π@cveNotify
URL redirection to untrusted site ('open redirect') vulnerability in The Wikimedia Foundation Mediawiki - UrlShortener Extension allows Cross-Site Flashing.
This issue affects Mediawiki - UrlShortener Extension: from * before 1.43.9, 1.44.6, 1.45.4.
π@cveNotify
π¨ CVE-2026-14358
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Charts Extension allows Cross-Site Scripting (XSS).
This issue affects Mediawiki - Charts Extension: from * before 1.43.9,1.44.6,1.45.4.
π@cveNotify
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Charts Extension allows Cross-Site Scripting (XSS).
This issue affects Mediawiki - Charts Extension: from * before 1.43.9,1.44.6,1.45.4.
π@cveNotify
π¨ CVE-2026-58517
Improper neutralization of input terminators vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Authentication Bypass.
This issue affects Mediawiki - WikiLambda Extension: from * before 1.43.9,1.44.6,1.45.4.
π@cveNotify
Improper neutralization of input terminators vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Authentication Bypass.
This issue affects Mediawiki - WikiLambda Extension: from * before 1.43.9,1.44.6,1.45.4.
π@cveNotify
π¨ CVE-2024-1248
The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users with roles assigned to the federated user.
Exploitation requires a federated identity provider (IDP) with silent JIT provisioning enabled and an attacker's knowledge of a local user's username. When these conditions are met, a malicious individual can leverage the JIT provisioning process to modify the roles of local users. The overwritten roles are limited to those defined within the federated IDP, typically granting minimal access rights unless explicitly configured otherwise by the federated IDP administrator.
π@cveNotify
The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users with roles assigned to the federated user.
Exploitation requires a federated identity provider (IDP) with silent JIT provisioning enabled and an attacker's knowledge of a local user's username. When these conditions are met, a malicious individual can leverage the JIT provisioning process to modify the roles of local users. The overwritten roles are limited to those defined within the federated IDP, typically granting minimal access rights unless explicitly configured otherwise by the federated IDP administrator.
π@cveNotify
Wso2
Security Advisory WSO2-2024-3179/CVE-2024-1248
Documentation for WSO2 Security and Compliance
π¨ CVE-2026-14867
Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve usersβ credentials.
Active Directory accounts are not affected by this vulnerability.
π@cveNotify
Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve usersβ credentials.
Active Directory accounts are not affected by this vulnerability.
π@cveNotify
PcVue
Security Bulletins | PcVue
Stay informed with the latest PcVue security bulletins. Review updates, patches, and advisories to keep your system protected and up to date.
π¨ CVE-2026-14868
The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gain privileged access to the PcVue application.
π@cveNotify
The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gain privileged access to the PcVue application.
π@cveNotify
PcVue
Security Bulletins | PcVue
Stay informed with the latest PcVue security bulletins. Review updates, patches, and advisories to keep your system protected and up to date.
π¨ CVE-2026-47646
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.
π@cveNotify
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.
π@cveNotify
π¨ CVE-2026-46215
In the Linux kernel, the following vulnerability has been resolved:
drm: Set old handle to NULL before prime swap in change_handle
There was a potential race condition in change_handle. The ioctl
briefly had a single object with two idr entries; a concurrent
gem_close could delete the object and remove one of the handles
while leaving the other one dangling, which could subsequently
be dereferenced for a use-after-free.
To fix this, do the same dance that gem_close itself does.
(f6cd7daecff5 drm: Release driver references to handle before making it available again)
First idr_replace the old handle to NULL. Later, if the prime
operations are successful, actually close it.
create_tail required a similar dance to avoid a similar problem.
(bd46cece51a3 drm/gem: Fix race in drm_gem_handle_create_tail())
It idr_allocs the new handle with NULL, then swaps in the correct
object later to avoid races. We don't need to do that here, since
the only operations that could race are drm_prime, and
change_handle holds the prime lock for the entire duration.
v2: cleanups of error paths
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
drm: Set old handle to NULL before prime swap in change_handle
There was a potential race condition in change_handle. The ioctl
briefly had a single object with two idr entries; a concurrent
gem_close could delete the object and remove one of the handles
while leaving the other one dangling, which could subsequently
be dereferenced for a use-after-free.
To fix this, do the same dance that gem_close itself does.
(f6cd7daecff5 drm: Release driver references to handle before making it available again)
First idr_replace the old handle to NULL. Later, if the prime
operations are successful, actually close it.
create_tail required a similar dance to avoid a similar problem.
(bd46cece51a3 drm/gem: Fix race in drm_gem_handle_create_tail())
It idr_allocs the new handle with NULL, then swaps in the correct
object later to avoid races. We don't need to do that here, since
the only operations that could race are drm_prime, and
change_handle holds the prime lock for the entire duration.
v2: cleanups of error paths
π@cveNotify
π¨ CVE-2026-12352
This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device.
π@cveNotify
This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device.
π@cveNotify
Digi
Security Center | Digi International
Digi's one stop location for all the security news, information and resources related to our products and services.
π¨ CVE-2026-12948
A stored cross-site scripting (XSS) vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the browser of a user who views the affected pages (CWE-79).
π@cveNotify
A stored cross-site scripting (XSS) vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the browser of a user who views the affected pages (CWE-79).
π@cveNotify
Digi
Security Center | Digi International
Digi's one stop location for all the security news, information and resources related to our products and services.
π¨ CVE-2026-59709
Ghostfolio's PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpoint fails to verify Access.permissions field when processing the Impersonation-Id header, allowing read-only access grantees to modify portfolio holding tags. Attackers with valid read-only share tokens can assign or remove tags on victim holdings, corrupting portfolio categorization and reports.
π@cveNotify
Ghostfolio's PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpoint fails to verify Access.permissions field when processing the Impersonation-Id header, allowing read-only access grantees to modify portfolio holding tags. Attackers with valid read-only share tokens can assign or remove tags on victim holdings, corrupting portfolio categorization and reports.
π@cveNotify
GitHub
GitHub - ghostfolio/ghostfolio: Open Source Wealth Management Software. Angular + NestJS + Prisma + Nx + TypeScript π€
Open Source Wealth Management Software. Angular + NestJS + Prisma + Nx + TypeScript π€ - ghostfolio/ghostfolio
π¨ CVE-2026-59708
The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings, quantities, buy prices, and performance metrics without authentication.
π@cveNotify
The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings, quantities, buy prices, and performance metrics without authentication.
π@cveNotify
GitHub
GitHub - ghostfolio/ghostfolio: Open Source Wealth Management Software. Angular + NestJS + Prisma + Nx + TypeScript π€
Open Source Wealth Management Software. Angular + NestJS + Prisma + Nx + TypeScript π€ - ghostfolio/ghostfolio
π¨ CVE-2026-59806
Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() function in the /gradio_api/file= endpoint. Attackers can craft a malicious FileData response targeting internal endpoints such as cloud metadata services to retrieve sensitive credentials including EC2 IAM role credentials.
π@cveNotify
Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() function in the /gradio_api/file= endpoint. Attackers can craft a malicious FileData response targeting internal endpoints such as cloud metadata services to retrieve sensitive credentials including EC2 IAM role credentials.
π@cveNotify
GitHub
fix: serve /gradio_api/file=<url> via an SSRF-safe proxy (#13596) Β· gradio-app/gradio@1c5c538
* fix: harden CORS Host-header trust (#13594) and file= open redirect/SSRF (#13593)
CORS (#13594): CustomCORSMiddleware decided whether to apply the localhost-only
CORS restriction from the client...
CORS (#13594): CustomCORSMiddleware decided whether to apply the localhost-only
CORS restriction from the client...
π¨ CVE-2026-8650
Relative path traversal vulnerability in Progress MOVEit Transfer (Admin Settings module).
This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.
π@cveNotify
Relative path traversal vulnerability in Progress MOVEit Transfer (Admin Settings module).
This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.
π@cveNotify
Progress
Fixed Issues in 2026
This section outlines issues tracked and fixed by the MOVEit product team for the 2026 release. Note: See the What's New section for a broader summary of features and improvements.
π¨ CVE-2026-8651
Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS module).
This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.
π@cveNotify
Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS module).
This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.
π@cveNotify
Progress
Fixed Issues in 2026
This section outlines issues tracked and fixed by the MOVEit product team for the 2026 release. Note: See the What's New section for a broader summary of features and improvements.
π¨ CVE-2026-8800
Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module).
This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.
π@cveNotify
Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module).
This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.
π@cveNotify
Progress
Fixed Issues in 2026
This section outlines issues tracked and fixed by the MOVEit product team for the 2026 release. Note: See the What's New section for a broader summary of features and improvements.
π¨ CVE-2026-8801
Path equivalence: vulnerability in Progress MOVEit Transfer (File Upload modules).
This issue affects MOVEit Transfer: before 2025.0.8, from 2025.1.0 before 2025.1.4.
π@cveNotify
Path equivalence: vulnerability in Progress MOVEit Transfer (File Upload modules).
This issue affects MOVEit Transfer: before 2025.0.8, from 2025.1.0 before 2025.1.4.
π@cveNotify
Progress
Fixed Issues in 2026
This section outlines issues tracked and fixed by the MOVEit product team for the 2026 release. Note: See the What's New section for a broader summary of features and improvements.
π¨ CVE-2026-0288
Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic.
The security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only. .
Panorama is not impacted by this vulnerability.
π@cveNotify
Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic.
The security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only. .
Panorama is not impacted by this vulnerability.
π@cveNotify
Palo Alto Networks Product Security Assurance
Palo Alto Networks Security Advisories
Palo Alto Networks Security Advisories - Latest information and remediations available for vulnerabilities concerning Palo Alto Networks products and services.
π¨ CVE-2026-15173
pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service
π@cveNotify
pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service
π@cveNotify
GitLab
Darwin DPIB UUID option rewrite heap overflow (#21285) Β· Issues Β· Wireshark Foundation / Wireshark Β· GitLab
Mitchell Benjamin reported the following: I would like to privately report a heap-buffer-overflow in Wireshark 4.6.6's pcapng Darwin DPIB rewrite path. Summary:...
π¨ CVE-2026-15174
Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
π@cveNotify
Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
π@cveNotify
GitLab
Buffer overlow/segfault in Catapult DCT2000 dissector via not check no_ddi_entries in header (#21270) Β· Issues Β· Wireshark Foundationβ¦
From Michael Bommarito on the security list: In attach_fp_info() (epan/dissectors/packet-catapult-dct2000.c), the E-DCH branch reads p_fp_info->no_ddi_entries from the parsed outhdr_values[] block and then loops over that value...
π¨ CVE-2026-58207
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal arithmetic before the response window was safely bounded. This issue is fixed in versions 2.14.3 and 2.12.12.
π@cveNotify
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal arithmetic before the response window was safely bounded. This issue is fixed in versions 2.14.3 and 2.12.12.
π@cveNotify
GitHub
[FIXED] Connz/Subsz pagination panic on Offset+Limit integer overflow Β· nats-io/nats-server@2ae0471
Signed-off-by: Maurice van Veen <github@mauricevanveen.com>