CVE Notify
19.2K subscribers
4 photos
196K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2026-59709
Ghostfolio's PUT /api/v1/portfolio/holding/:dataSource/:symbol/tags endpoint fails to verify Access.permissions field when processing the Impersonation-Id header, allowing read-only access grantees to modify portfolio holding tags. Attackers with valid read-only share tokens can assign or remove tags on victim holdings, corrupting portfolio categorization and reports.

πŸŽ–@cveNotify
🚨 CVE-2026-59708
The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validating granteeUserId filtering, allowing unauthenticated access to full portfolio data. Attackers with a private access ID can retrieve sensitive portfolio information including holdings, quantities, buy prices, and performance metrics without authentication.

πŸŽ–@cveNotify
🚨 CVE-2026-59806
Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the file_fetch() function in the /gradio_api/file= endpoint. Attackers can craft a malicious FileData response targeting internal endpoints such as cloud metadata services to retrieve sensitive credentials including EC2 IAM role credentials.

πŸŽ–@cveNotify
🚨 CVE-2026-8650
Relative path traversal vulnerability in Progress MOVEit Transfer (Admin Settings module).

This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.

πŸŽ–@cveNotify
🚨 CVE-2026-8651
Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS module).

This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.

πŸŽ–@cveNotify
🚨 CVE-2026-8800
Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module).

This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.

πŸŽ–@cveNotify
🚨 CVE-2026-8801
Path equivalence: vulnerability in Progress MOVEit Transfer (File Upload modules).

This issue affects MOVEit Transfer: before 2025.0.8, from 2025.1.0 before 2025.1.4.

πŸŽ–@cveNotify
🚨 CVE-2026-0288
Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted network traffic.

The security risk posed by this issue is minimized when the User-ID Terminal Server Agent connectivity is restricted to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://docs.paloaltonetworks.com/ngfw/help/10-2/user-identification/device-user-identification-terminal-services-agents#:~:text=To%20minimize%20security%20risk%2C%20restrict%20TS%20Agent%20connectivity%20to%20trusted%20internal%20IP%20addresses%20only. .

Panorama is not impacted by this vulnerability.

πŸŽ–@cveNotify
🚨 CVE-2026-58207
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal arithmetic before the response window was safely bounded. This issue is fixed in versions 2.14.3 and 2.12.12.

πŸŽ–@cveNotify
🚨 CVE-2026-58208
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with access to the WebSocket listener to reach uninitialized MQTT state and crash the server process. This issue is fixed in versions 2.14.3 and 2.12.12.

πŸŽ–@cveNotify
🚨 CVE-2026-58211
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured no_auth_user through a parser path used when the first client operation was not CONNECT, bypassing user-level connection restrictions such as allowed_connection_types or proxy_required that normal authentication would apply. This issue is fixed in versions 2.14.3 and 2.12.12.

πŸŽ–@cveNotify
🚨 CVE-2026-47646
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.

πŸŽ–@cveNotify
🚨 CVE-2026-60109
Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending a crafted KRB_ERROR message with error-code 25 (KDC_ERR_PREAUTH_REQUIRED) containing a PA-DATA element with padata-type 2, 3, 11, or 19. Attackers can exploit a parser and analyzer state mismatch where proc_padata() dereferences an uninitialized pa_data_element field selected by the wrong parsing arm, triggering a crash via a single UDP or TCP packet to port 88 without any credentials or prior authentication.

πŸŽ–@cveNotify
🚨 CVE-2026-59206
n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated requests to be treated as a privileged user and exposing user and project listing endpoints. This issue is fixed in versions 1.123.61, 2.27.4, and 2.28.1.

πŸŽ–@cveNotify
🚨 CVE-2026-15191
A flaw has been found in mettle sendportal up to 3.0.1. This vulnerability affects unknown code of the file vendor/mettle/sendportal-core/src/Http/Requests/CampaignStoreRequest.php of the component Campaign Creation Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

πŸŽ–@cveNotify
🚨 CVE-2026-15192
A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

πŸŽ–@cveNotify
🚨 CVE-2026-15193
A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element is an unknown function of the file android/app/src/main/java/com/openclaw/android/JsBridge.kt of the component Android WebView Bridge. This manipulation causes os command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

πŸŽ–@cveNotify
🚨 CVE-2026-15194
A security flaw has been discovered in Open5GS 2.7.7. This affects the function amf_context_final of the file src/amf/context.c of the component AMF. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks.

πŸŽ–@cveNotify