Ghost is a Node
Description
Ghost is a Node
AI Analyst Comment
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Search and filter 17426 vulnerabilities with AI analyst insights
Ghost is a Node
Ghost is a Node
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers
UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers
---METADATA---
VENDOR: UptimeFlare
PRODUCT: UptimeFlare
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
UptimeFlare, a monitoring solution powered by Cloudflare Workers, contains a security vulnerability that could impact serverless monitoring operations.
Executive Summary:
A security vulnerability in the UptimeFlare serverless monitoring solution could allow attackers to disrupt monitoring services or access sensitive configuration data.
Vulnerability Details
CVE-ID: CVE-2026-29779
Affected Software: UptimeFlare (Cloudflare Workers based)
Affected Versions: See vendor advisory for affected versions
Vulnerability: UptimeFlare, which utilizes Cloudflare Workers for monitoring, has a vulnerability that could potentially allow an attacker to interfere with its serverless functions. The specific nature of the flaw likely involves improper handling of environment variables or unauthorized access to the status page configuration.
Business Impact
With a CVSS score of 7.5, this vulnerability is considered High severity. Successful exploitation could lead to "false positive" monitoring alerts, the silencing of legitimate downtime notifications, or the exposure of sensitive API keys used for monitoring, directly impacting operational visibility and response times.
Remediation Plan
Immediate Action: Update the UptimeFlare deployment to the latest version and rotate any secrets or API keys stored within the environment.
Proactive Monitoring: Audit Cloudflare Worker execution logs for unauthorized invocations or changes to the monitoring logic.
Compensating Controls: Implement IP whitelisting for the status page administration and use Cloudflare's security features to limit worker execution to trusted sources.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 9, 2026, there is no public information indicating active exploitation of this vulnerability. Users of serverless monitoring tools should ensure their configurations are hardened against unauthorized access.
Analyst Recommendation
It is critical to maintain the security of monitoring infrastructure to ensure accurate operational reporting. Administrators should apply the latest UptimeFlare updates and perform a security audit of their Cloudflare Worker configurations immediately to mitigate risk.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
pyLoad is a free and open-source download manager written in Python
pyLoad is a free and open-source download manager written in Python
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0
In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
NEMU (OpenXiangShan/NEMU) before v2025
NEMU (OpenXiangShan/NEMU) before v2025
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A local attacker who can execute privileged CSR operations (or can induce firmware to do so) performs carefully crafted reads/writes to menvcfg (e
A local attacker who can execute privileged CSR operations (or can induce firmware to do so) performs carefully crafted reads/writes to menvcfg (e
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DWR-M960 1
A vulnerability was found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw versions prior to 2026
OpenClaw versions prior to 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw versions prior to 2026
OpenClaw versions prior to 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link DWR-M960 1
A vulnerability has been found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw versions prior to 2026
OpenClaw versions prior to 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in D-Link DWR-M960 1
A flaw has been found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DWR-M960 1
A vulnerability was detected in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security vulnerability has been detected in D-Link DWR-M960 1
A security vulnerability has been detected in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in Vaelsys 4
A flaw has been found in Vaelsys 4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
NetBox versions 4
NetBox versions 4
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1
A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation, enabling potential Remote...
The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation, enabling potential Remote Code Execution.
---METADATA---
VENDOR: WordPress
PRODUCT: ProSolution WP Client
AFFECTED_VERSIONS: Up to and including 1.9.9
---END_METADATA---
Description Summary:
The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation, enabling potential Remote Code Execution.
Executive Summary:
A critical arbitrary file upload vulnerability in the ProSolution WP Client plugin allows unauthenticated attackers to achieve Remote Code Execution.
Vulnerability Details
CVE-ID: CVE-2026-2942
Affected Software: WordPress ProSolution WP Client Plugin
Affected Versions: Up to and including 1.9.9
Vulnerability: The proSol_fileUploadProcess function fails to validate file types, allowing unauthenticated attackers to upload malicious files (e.g., PHP scripts) to the server, resulting in Remote Code Execution.
Business Impact
The 9.8 CVSS score reflects the extreme risk of total server compromise. Attackers can upload web shells to gain persistent, unauthorized access to the site, steal data, or deface the website.
Remediation Plan
Immediate Action: Update the ProSolution WP Client plugin to the latest version immediately. If an update is unavailable, deactivate and remove the plugin.
Proactive Monitoring: Scan the site for any unauthorized files in the uploads directory and review server access logs for suspicious requests to uploaded files.
Compensating Controls: Use a WAF to restrict file uploads and block attempts to access or execute scripts in user-writable directories.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Apr 8, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Arbitrary file upload vulnerabilities are critical and highly dangerous. Administrators must ensure the plugin is updated immediately to prevent remote attackers from taking control of the WordPress installation.
Update WordPress is vulnerable to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'linksy...
The Linksy Search and Replace plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'linksy_search_and_replace_item_details' function in all versions up to, and including, 1
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
A vulnerability was determined in Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b
A vulnerability was determined in Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in SourceCodester Student Result Management System 1
A vulnerability has been found in SourceCodester Student Result Management System 1
---METADATA---
VENDOR: SourceCodester
PRODUCT: Student Result Management System
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability has been identified in SourceCodester Student Result Management System 1, potentially allowing for unauthorized data access or system manipulation.
Executive Summary:
SourceCodester Student Result Management System 1 is affected by a high-severity vulnerability that puts sensitive academic records and system administrative controls at risk of compromise.
Vulnerability Details
CVE-ID: CVE-2026-2938
Affected Software: SourceCodester Student Result Management System
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects version 1 of the Student Result Management System. While the specific mechanism is not detailed, the flaw likely resides in the application's processing of remote requests, potentially allowing an attacker to bypass security controls.
Business Impact
The compromise of a student management system can lead to the unauthorized modification of grades, theft of personally identifiable information (PII), and loss of institutional trust. The CVSS score of 7.3 reflects a high severity, indicating that an exploit could have a major impact on the confidentiality and integrity of the educational database.
Remediation Plan
Immediate Action: Administrators must immediately update the Student Result Management System to the latest patched version to resolve the underlying security flaw.
Proactive Monitoring: Review application logs for any evidence of unauthorized database queries or attempts to bypass the login interface.
Compensating Controls: Restrict access to the management system to internal networks or via a secure VPN to reduce the attack surface available to external threats.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of February 23, 2026, there is no public information indicating active exploitation of this vulnerability. However, given the attractiveness of student data to malicious actors, the risk of a future exploit is considerable.
Analyst Recommendation
Given the high CVSS score and the sensitive nature of the data handled by this product, immediate patching is the only effective solution. Security teams should ensure that all instances of the SourceCodester Student Result Management System are identified and updated without delay.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_title' parameter in all versi...
The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_title' parameter in all versions up to, and including, 8
---METADATA---
VENDOR: WordPress
PRODUCT: Visitor Traffic Real Time Statistics
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'page_title' parameter.
Executive Summary:
A Stored Cross-Site Scripting vulnerability in the Visitor Traffic Real Time Statistics plugin allows for malicious script injection, risking administrative session security.
Vulnerability Details
CVE-ID: CVE-2026-2936
Affected Software: WordPress Visitor Traffic Real Time Statistics
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The plugin fails to sanitize the 'page_title' parameter, enabling attackers to store malicious JavaScript on the server. When an administrator views the statistics, the script executes, potentially allowing for unauthorized actions or session theft.
Business Impact
With a CVSS score of 7.2, this vulnerability enables attackers to target site administrators. Successful exploitation could lead to full site control if administrative session cookies are compromised, resulting in significant business impact.
Remediation Plan
Immediate Action: Update the Visitor Traffic Real Time Statistics plugin to the latest version.
Proactive Monitoring: Monitor for anomalous behavior in the WordPress dashboard and review logs for suspicious script activity.
Compensating Controls: Employ a Web Application Firewall (WAF) to filter malicious input in the 'page_title' field.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of April 5, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Immediate patching of this plugin is required. Organizations should ensure that all WordPress plugins are kept up to date to defend against common injection vulnerabilities like XSS.
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
A weakness has been identified in UTT HiPER 810G up to 1
A weakness has been identified in UTT HiPER 810G up to 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9
The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
A vulnerability was determined in D-Link DWR-M960 1
A vulnerability was determined in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was found in D-Link DWR-M960 1
A vulnerability was found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability has been found in D-Link DWR-M960 1
A vulnerability has been found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A flaw has been found in D-Link DWR-M960 1
A flaw has been found in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was detected in D-Link DWR-M960 1
A vulnerability was detected in D-Link DWR-M960 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability
GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability
Apply security patches immediately for internet-facing systems. Monitor for exploitation attempts and review access logs.
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations
---METADATA---
VENDOR: Apache
PRODUCT: OFBiz
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
CONFIDENCE: medium
MISSING: patch, technical_details
---END_METADATA---
Description Summary:
A Server-Side Request Forgery (SSRF) vulnerability exists in the Apache OFBiz Content component, potentially allowing unauthorized network requests.
Executive Summary:
A Server-Side Request Forgery vulnerability in Apache OFBiz poses a significant risk of unauthorized internal network interaction and data exposure.
Vulnerability Details
CVE-ID: CVE-2026-29226
Affected Software: Apache OFBiz
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This SSRF vulnerability occurs within the Content component operations, allowing an attacker to force the server to perform unauthorized requests to internal or external resources. The authentication requirement is currently unspecified, necessitating a review of the vendor’s security bulletin for access requirements.
Business Impact
Successful exploitation of this SSRF flaw could allow attackers to bypass perimeter security, probe internal network segments, or access sensitive services restricted to the local network. With a CVSS score of 7.3, this vulnerability represents a High risk, as it could lead to unauthorized data access or the exposure of internal infrastructure configurations.
Remediation Plan
Immediate Action: Monitor the Apache OFBiz security advisory page for the release of a patched version and apply updates immediately upon availability.
Proactive Monitoring: Review web server and application logs for unusual outbound requests originating from the OFBiz server, particularly those targeting internal IP addresses or sensitive local ports.
Compensating Controls: Implement strict egress filtering on the host firewall to restrict the server's ability to initiate unauthorized connections to internal network segments.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 20, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the severity of SSRF vulnerabilities in enterprise resource planning software, organizations should prioritize monitoring their OFBiz instances. It is critical to apply the official vendor patch as soon as it is released to mitigate the risk of internal network reconnaissance and potential data breaches.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability
GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability
Apply security patches immediately for internet-facing systems. Monitor for exploitation attempts and review access logs.
GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability
GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability
Apply security patches immediately for internet-facing systems. Monitor for exploitation attempts and review access logs.
Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoint...
Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` without an...
Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` without any ownership validation leading to unauthorized access to the victim's account.
---METADATA---
VENDOR: HP
PRODUCT: Multiple Products
AFFECTED_VERSIONS: See vendor advisory
CONFIDENCE: medium
MISSING: versions, patch, exploit_status, technical_details
---END_METADATA---
Description Summary:
HP products are affected by an insufficient ownership check in clientarea.php, allowing authenticated users to access other accounts by manipulating the addonId parameter.
Executive Summary:
An insufficient ownership check within HP software allows authenticated users to access other accounts, resulting in unauthorized data exposure.
Vulnerability Details
CVE-ID: CVE-2026-29204
Affected Software: HP Multiple Products
Affected Versions: See vendor advisory
Vulnerability: This is an authorization bypass vulnerability located in clientarea.php. It allows an authenticated user to submit requests using another user’s addonId without validation, successfully leading to unauthorized access.
Business Impact
The CVSS score of 9.1 underscores the risk of unauthorized account access, which can lead to significant data breaches and privacy violations. This vulnerability allows attackers to bypass logical security boundaries, potentially exposing sensitive client or business information and causing substantial reputational damage.
Remediation Plan
Immediate Action: Apply the latest vendor security updates to all affected HP software deployments to enforce proper ownership validation.
Proactive Monitoring: Review application logs for suspicious activity, specifically looking for users attempting to access addonId values that do not belong to their own authenticated session.
Compensating Controls: If a patch is unavailable, restrict access to the affected clientarea.php functionality via web application controls or internal access policies until remediation is complete.
Exploitation Status
Public Exploit Available: Not specified
Analyst Notes: As of May 12, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability represents a significant breakdown in authorization logic that must be addressed immediately. IT administrators should verify the versioning of their HP installations and apply the necessary patches provided by the vendor to prevent unauthorized account access.
Update HP Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or dire...
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories
---METADATA---
VENDOR: cPanel
PRODUCT: Nova Plugin
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A symlink vulnerability in the cPanel Nova plugin's Cpanel::Nova::Connector allows for unauthorized modification of system file permissions.
Executive Summary:
A critical symlink vulnerability in the cPanel Nova plugin enables unauthorized modification of sensitive system files, potentially leading to full administrative takeover.
Vulnerability Details
CVE-ID: CVE-2026-29203
Affected Software: cPanel Nova Plugin (Cpanel::Nova::Connector)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability exists due to a chmod call in the Cpanel::Nova::Connector that fails to properly handle symlinks. This allows an attacker to manipulate system file permissions, including those of sensitive root-owned files or directories.
Business Impact
A CVSS score of 8.8 underscores the gravity of this issue, as it permits attackers to override system security configurations. Exploiting this flaw can lead to unauthorized data access, privilege escalation, and the potential for complete system takeover by altering critical configuration files.
Remediation Plan
Immediate Action: Apply the vendor-provided security patch for the cPanel Nova plugin immediately to resolve the symlink handling error.
Proactive Monitoring: Monitor for unexpected changes to file permissions on critical system directories and review logs for any unauthorized use of the Nova connector.
Compensating Controls: Ensure that the web server process runs with the least privilege necessary and utilize file integrity monitoring (FIM) tools to detect unauthorized modifications.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 10, 2026, there is no public information indicating active exploitation of this vulnerability. However, the risk of arbitrary permission modification makes this a critical security concern for server infrastructure.
Analyst Recommendation
This vulnerability represents a significant risk to server integrity. Administrators must prioritize updating the cPanel Nova plugin to prevent attackers from leveraging this flaw to gain unauthorized administrative permissions on the server.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already auth...
Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user
---METADATA---
VENDOR: cPanel
PRODUCT: Nova Plugin
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
Insufficient input validation in the cPanel Nova plugin's create_user function allows for arbitrary Perl code execution.
Executive Summary:
A critical vulnerability in the cPanel Nova plugin allows authenticated users to execute arbitrary Perl code, leading to potential full system compromise.
Vulnerability Details
CVE-ID: CVE-2026-29202
Affected Software: cPanel Nova Plugin
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability stems from insufficient input validation of the plugin parameter within the create_user function. This flaw allows an authenticated account holder to execute arbitrary Perl code with the privileges of the system user running the plugin.
Business Impact
With a CVSS score of 8.8, this vulnerability poses a severe threat to hosting environments. Successful exploitation allows for privilege escalation and arbitrary code execution, enabling an attacker to gain full control over the server and access all hosted data.
Remediation Plan
Immediate Action: Update the cPanel Nova plugin to the latest vendor-provided version that includes the input validation patch.
Proactive Monitoring: Inspect system logs for unexpected execution of Perl scripts or anomalous processes initiated by the cPanel user.
Compensating Controls: Temporarily disable the create_user functionality within the Nova plugin if a patch cannot be immediately deployed.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 10, 2026, there is no public information indicating active exploitation of this vulnerability. However, the ability to execute code on the host system makes this a high-priority target for attackers.
Analyst Recommendation
The severity of this remote code execution flaw requires immediate patching. Administrators should audit their cPanel environments for the presence of the Nova plugin and ensure all updates are applied to mitigate the risk of server-wide compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability
GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability
Apply security patches immediately for internet-facing systems. Monitor for exploitation attempts and review access logs.
phpBB before 3
phpBB before 3
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A NoSQL injection vulnerability in Rocket.Chat allows unauthenticated attackers to perform account takeovers of the first user when a specific OAuth c...
A NoSQL injection vulnerability in Rocket.Chat allows unauthenticated attackers to perform account takeovers of the first user when a specific OAuth configuration is present.
---METADATA---
VENDOR: Rocket.Chat
PRODUCT: Rocket.Chat
AFFECTED_VERSIONS: <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, <7.10.9
---END_METADATA---
Description Summary:
A NoSQL injection vulnerability in Rocket.Chat allows unauthenticated attackers to perform account takeovers of the first user when a specific OAuth configuration is present.
Executive Summary:
A critical NoSQL injection vulnerability in Rocket.Chat poses a severe risk of unauthorized account takeover, potentially granting attackers full administrative control over the platform.
Vulnerability Details
CVE-ID: CVE-2026-29198
Affected Software: Rocket.Chat
Affected Versions: <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, <7.10.9
Vulnerability: This is a NoSQL injection vulnerability occurring within the application's OAuth handling logic. The flaw allows unauthenticated remote attackers to manipulate database queries to gain unauthorized access to user accounts.
Business Impact
The exploitation of this vulnerability carries a critical business impact, as evidenced by its 9.8 CVSS score. Successful execution allows for account takeover, leading to potential data breaches, unauthorized disclosure of sensitive internal communications, and a complete compromise of the platform's integrity.
Remediation Plan
Immediate Action: Upgrade Rocket.Chat instances to the latest patched version immediately to remediate the injection vector.
Proactive Monitoring: Review authentication logs for unusual login patterns or multiple failed attempts targeting administrative or high-privileged accounts.
Compensating Controls: Deploy a Web Application Firewall (WAF) with updated rulesets configured to detect and block common NoSQL injection patterns targeting OAuth endpoints.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Apr 23, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the ease of access and the severity of an account takeover, the potential for exploitation is high.
Analyst Recommendation
Given the critical nature of this vulnerability and the potential for full account takeover, administrators must prioritize patching. Failure to update leaves the organization vulnerable to credential theft and lateral movement within the environment.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
ZITADEL is an open source identity management platform
ZITADEL is an open source identity management platform
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
ZITADEL is an open source identity management platform
ZITADEL is an open source identity management platform
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A critical XSS vulnerability in the Zitadel login V2 interface's /saml-post endpoint could lead to unauthorized account takeovers.
A critical XSS vulnerability in the Zitadel login V2 interface's /saml-post endpoint could lead to unauthorized account takeovers.
---METADATA---
VENDOR: Zitadel
PRODUCT: Zitadel Identity Management Platform
AFFECTED_VERSIONS: 4.0.0 to 4.11.1
---END_METADATA---
Description Summary:
A critical XSS vulnerability in the Zitadel login V2 interface's /saml-post endpoint could lead to unauthorized account takeovers.
Executive Summary:
Zitadel is vulnerable to a high-severity Cross-Site Scripting (XSS) attack that could allow attackers to hijack user sessions and take over accounts.
Vulnerability Details
CVE-ID: CVE-2026-29191
Affected Software: Zitadel
Affected Versions: 4.0.0 to 4.11.1
Vulnerability: The flaw is located in the /saml-post endpoint of the Login V2 interface. An attacker can inject malicious scripts into the SAML response, which are then executed in the context of the victim's session, potentially leading to account takeover.
Business Impact
As an identity management platform, a compromise of Zitadel has cascading effects across all integrated applications. An account takeover of an administrator could result in total control over user identities and access rights. The CVSS score of 9.3 reflects the critical impact on the organization's authentication infrastructure.
Remediation Plan
Immediate Action: Update Zitadel to version 4.12.0 or higher to patch the vulnerable SAML endpoint.
Proactive Monitoring: Monitor for unusual SAML assertions or suspicious activity on the /saml-post endpoint, particularly involving script tags or unexpected redirects.
Compensating Controls: Implement a strong Content Security Policy (CSP) to mitigate the impact of XSS vulnerabilities by restricting the execution of unauthorized scripts.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Mar 7, 2026, there is no public information indicating active exploitation. However, XSS in an authentication flow is a high-value target for sophisticated actors.
Analyst Recommendation
Apply the 4.12.0 update immediately. Identity providers are high-value targets; ensuring the integrity of the login interface is essential for maintaining the security of the entire enterprise application ecosystem.
Update Zitadel Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenEMR is a free and open source electronic health records and medical practice management application
OpenEMR is a free and open source electronic health records and medical practice management application
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Backstage is an open framework for building developer portals
Backstage is an open framework for building developer portals
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
SiYuan versions prior to 3.5.9 contain an unauthenticated reflected XSS vulnerability in the dynamic icon API endpoint, allowing JavaScript execution...
SiYuan versions prior to 3.5.9 contain an unauthenticated reflected XSS vulnerability in the dynamic icon API endpoint, allowing JavaScript execution via crafted SVG outputs.
---METADATA---
VENDOR: SiYuan
PRODUCT: SiYuan
AFFECTED_VERSIONS: Prior to version 3.5.9
---END_METADATA---
Description Summary:
SiYuan versions prior to 3.5.9 contain an unauthenticated reflected XSS vulnerability in the dynamic icon API endpoint, allowing JavaScript execution via crafted SVG outputs.
Executive Summary:
A critical unauthenticated reflected cross-site scripting (XSS) vulnerability in SiYuan allows remote attackers to execute arbitrary JavaScript and exfiltrate sensitive user data.
Vulnerability Details
CVE-ID: CVE-2026-29183
Affected Software: SiYuan Knowledge Management System
Affected Versions: Prior to version 3.5.9
Vulnerability: This flaw exists in the GET /api/icon/getDynamicIcon endpoint when the type parameter is set to 8. An unauthenticated attacker can provide malicious content that is embedded into an SVG output without proper escaping, leading to JavaScript execution in the context of the user's web session.
Business Impact
A successful exploit allows an attacker to perform actions on behalf of a logged-in user, potentially leading to the full compromise of the personal knowledge management system. With a CVSS score of 9.3, the risk is critical as it can result in the exfiltration of sensitive private notes, research, and authentication tokens, causing significant privacy breaches and data loss.
Remediation Plan
Immediate Action: Administrators and individual users must update SiYuan to version 3.5.9 or later immediately to patch the vulnerable API endpoint.
Proactive Monitoring: Security teams should review web server logs for suspicious requests to the /api/icon/getDynamicIcon endpoint, specifically looking for unusual characters or script tags in the query parameters.
Compensating Controls: Implementing a strict Content Security Policy (CSP) that restricts script execution and object-src can help mitigate the impact of XSS vulnerabilities if updates cannot be applied instantly.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 6, 2026, there is no public information indicating active exploitation of this vulnerability. However, because the flaw is unauthenticated and can be triggered via a simple URL, the likelihood of exploitation is extremely high once the technical details are widely known.
Analyst Recommendation
The severity of this reflected XSS vulnerability cannot be overstated given its unauthenticated nature and the sensitive data typically stored within SiYuan. It is highly recommended that all users apply the version 3.5.9 update immediately to protect their data from unauthorized exfiltration and session hijacking.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Craft Commerce is an ecommerce platform for Craft CMS
Craft Commerce is an ecommerce platform for Craft CMS
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Craft Commerce is an ecommerce platform for Craft CMS
Craft Commerce is an ecommerce platform for Craft CMS
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2
A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: Ghost Foundation
PRODUCT: Ghost
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
A security vulnerability has been identified in the Ghost Node.js content management system that may impact system integrity.
Executive Summary:
The Ghost content management system is vulnerable to a security flaw that could allow attackers to compromise the Node.js-based application environment.
Vulnerability Details
CVE-ID: CVE-2026-29784
Affected Software: Ghost Foundation Ghost
Affected Versions: See vendor advisory for affected versions
Vulnerability: This vulnerability affects the Ghost CMS, a Node.js-based platform. While the specific technical mechanism is not fully detailed in the summary, the CVSS score suggests a significant flaw, likely related to improper input handling or a vulnerability in the underlying Node.js integration.
Business Impact
Successful exploitation could lead to unauthorized access to the CMS backend or the underlying server, potentially resulting in the defacement of websites or the theft of sensitive subscriber data. The CVSS score of 7.5 justifies a High severity rating, as it represents a significant risk to the availability and confidentiality of the hosted content.
Remediation Plan
Immediate Action: Update the Ghost CMS installation to the latest stable version to incorporate the necessary security fixes.
Proactive Monitoring: Review application logs for unusual administrative logins or unauthorized changes to site content and configurations.
Compensating Controls: Implement a robust Web Application Firewall (WAF) to detect and block common Node.js exploitation patterns and enforce strong multi-factor authentication for all users.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 9, 2026, there is no public information indicating active exploitation of this vulnerability. Security teams should remain vigilant as CMS platforms are frequent targets for automated exploitation scripts.
Analyst Recommendation
Maintaining an up-to-date CMS is critical for protecting web-facing assets. We recommend that administrators apply the latest Ghost updates immediately to mitigate the risk of unauthorized access and ensure the security of their digital publishing platform.