CVE Notify
19.2K subscribers
4 photos
196K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2026-14358
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Charts Extension allows Cross-Site Scripting (XSS).

This issue affects Mediawiki - Charts Extension: from * before 1.43.9,1.44.6,1.45.4.

πŸŽ–@cveNotify
🚨 CVE-2026-58517
Improper neutralization of input terminators vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Authentication Bypass.

This issue affects Mediawiki - WikiLambda Extension: from * before 1.43.9,1.44.6,1.45.4.

πŸŽ–@cveNotify
🚨 CVE-2024-1248
The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users with roles assigned to the federated user.

Exploitation requires a federated identity provider (IDP) with silent JIT provisioning enabled and an attacker's knowledge of a local user's username. When these conditions are met, a malicious individual can leverage the JIT provisioning process to modify the roles of local users. The overwritten roles are limited to those defined within the federated IDP, typically granting minimal access rights unless explicitly configured otherwise by the federated IDP administrator.

πŸŽ–@cveNotify
🚨 CVE-2026-14867
Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. 

Active Directory accounts are not affected by this vulnerability.

πŸŽ–@cveNotify
🚨 CVE-2026-14868
The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gain privileged access to the PcVue application.

πŸŽ–@cveNotify
🚨 CVE-2026-47646
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.

πŸŽ–@cveNotify
🚨 CVE-2026-46215
In the Linux kernel, the following vulnerability has been resolved:

drm: Set old handle to NULL before prime swap in change_handle

There was a potential race condition in change_handle. The ioctl
briefly had a single object with two idr entries; a concurrent
gem_close could delete the object and remove one of the handles
while leaving the other one dangling, which could subsequently
be dereferenced for a use-after-free.

To fix this, do the same dance that gem_close itself does.
(f6cd7daecff5 drm: Release driver references to handle before making it available again)
First idr_replace the old handle to NULL. Later, if the prime
operations are successful, actually close it.

create_tail required a similar dance to avoid a similar problem.
(bd46cece51a3 drm/gem: Fix race in drm_gem_handle_create_tail())
It idr_allocs the new handle with NULL, then swaps in the correct
object later to avoid races. We don't need to do that here, since
the only operations that could race are drm_prime, and
change_handle holds the prime lock for the entire duration.

v2: cleanups of error paths

πŸŽ–@cveNotify
🚨 CVE-2026-12352
This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device.

πŸŽ–@cveNotify
🚨 CVE-2026-12948
A stored cross-site scripting (XSS) vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the browser of a user who views the affected pages (CWE-79).

πŸŽ–@cveNotify
🚨 CVE-2026-59709
Ghostfolio's PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpoint fails to verify Access.permissions field when processing the Impersonation-Id header, allowing read-only access grantees to modify portfolio holding tags. Attackers with valid read-only share tokens can assign or remove tags on victim holdings, corrupting portfolio categorization and reports.

πŸŽ–@cveNotify
🚨 CVE-2026-59708
The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings, quantities, buy prices, and performance metrics without authentication.

πŸŽ–@cveNotify
🚨 CVE-2026-59806
Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() function in the /gradio_api/file= endpoint. Attackers can craft a malicious FileData response targeting internal endpoints such as cloud metadata services to retrieve sensitive credentials including EC2 IAM role credentials.

πŸŽ–@cveNotify
🚨 CVE-2026-8650
Relative path traversal vulnerability in Progress MOVEit Transfer (Admin Settings module).

This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.

πŸŽ–@cveNotify
🚨 CVE-2026-8651
Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS module).

This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.

πŸŽ–@cveNotify
🚨 CVE-2026-8800
Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module).

This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.

πŸŽ–@cveNotify
🚨 CVE-2026-8801
Path equivalence: vulnerability in Progress MOVEit Transfer (File Upload modules).

This issue affects MOVEit Transfer: before 2025.0.8, from 2025.1.0 before 2025.1.4.

πŸŽ–@cveNotify
🚨 CVE-2026-0288
Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic.

The security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only. .

Panorama is not impacted by this vulnerability.

πŸŽ–@cveNotify
🚨 CVE-2026-58207
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal arithmetic before the response window was safely bounded. This issue is fixed in versions 2.14.3 and 2.12.12.

πŸŽ–@cveNotify
🚨 CVE-2026-58208
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with access to the WebSocket listener to reach uninitialized MQTT state and crash the server process. This issue is fixed in versions 2.14.3 and 2.12.12.

πŸŽ–@cveNotify