Vuldb Updates

A vulnerability was found in Netty. It has been classified as problematic. Affected is an unknown function. The manipulation leads to allocation of resources. This vulnerability is referenced as CVE-2026-50560. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability categorized as critical has been discovered in M2Team NanaZip up to 3.0.1000.0/6.0.1698.0/6.5.1742.0. Affected by this vulnerability is the function CByteBuffer::CopyFrom of the component Image Parser. Such manipulation leads to out-of-bounds read. This vulnerability is referenced as CVE-2026-47223. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability labeled as problematic has been found in parse-community parse-server up to 9.9.1-alpha.4. Affected is an unknown function of the component Password Endpoint. Such manipulation leads to information disclosure. This vulnerability is listed as CVE-2026-53725. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability has been found in MariaDB Server up to 11.4.10/11.8.6/12.3.1 and classified as problematic. The affected element is an unknown function. Performing a manipulation results in incorrect authorization. This vulnerability is known as CVE-2026-44169. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability described as critical has been identified in Koel up to 9.3.4. Affected by this issue is the function Http::sink of the component DNS Resolution Handler. Executing a manipulation can lead to server-side request forgery. This vulnerability is registered as CVE-2026-47260. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in Discourse up to 2026.1.3/2026.3.0/2026.4.0. This vulnerability affects unknown code of the file name/logs.json of the component SMTP Password Handler. This manipulation causes information disclosure. This vulnerability is tracked as CVE-2026-44784. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability has been found in Discourse up to 2026.1.3/2026.3.0/2026.4.0 and classified as problematic. The impacted element is an unknown function of the component Setting Handler. The manipulation leads to information disclosure. This vulnerability is documented as CVE-2026-47264. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability classified as critical has been found in apostrophecms apostrophe up to 3.6.0. This issue affects some unknown processing. Performing a manipulation results in os command injection. This vulnerability was named CVE-2026-42853. The attack needs to be approached locally. There is no available exploit.

A vulnerability described as problematic has been identified in nezhahq nezha up to 2.0.7. The impacted element is the function Send of the file /api/v1/notification. Such manipulation leads to incorrect authorization. This vulnerability is listed as CVE-2026-46717. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability has been found in HashThemes Hash Elements Plugin up to 1.5.4 on WordPress and classified as problematic. This affects an unknown part. Performing a manipulation results in exposure of sensitive system information to an unauthorized control sphere. This vulnerability is cataloged as CVE-2026-24618. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in apostrophecms apostrophe up to 4.29.0. Impacted is an unknown function of the component Reset Handler. Executing a manipulation can lead to weak password recovery. The identification of this vulnerability is CVE-2026-45013. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Mattermost up to 10.11.15/10.11.16/11.5.4/11.6.1/11.6.x. The impacted element is an unknown function of the component Role Patch API. Such manipulation leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2026-6739. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability was found in nezhahq nezha up to 2.0.13 and classified as problematic. This affects an unknown part of the component GET Request Handler. Such manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2026-49396. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Mattermost up to 10.11.15/10.11.16/11.5.4/11.6.1/11.6.x and classified as critical. This affects an unknown function of the component Shared Channel Handler. Performing a manipulation of the argument filename results in path traversal. This vulnerability was named CVE-2026-6961. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability classified as critical has been found in SimpleHelp up to 5.5.15/6.0 RC1. Affected is an unknown function of the component Multi-Factor Authentication. Performing a manipulation results in improper verification of cryptographic signature. This vulnerability is reported as CVE-2026-48558. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Grafana Operator up to 5.23.0. The affected element is an unknown function. Executing a manipulation can lead to path traversal. This vulnerability is handled as CVE-2026-11769. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, has been found in Vmware Spring Web Services up to 3.1.8/4.0.18/4.1.3/5.0.1. The affected element is an unknown function. The manipulation leads to risky cryptographic algorithm. This vulnerability is listed as CVE-2026-40996. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Vmware Spring Web Services up to 3.1.8/4.0.18/4.1.3/5.0.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to improper authentication. This vulnerability appears as CVE-2026-40995. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability has been found in Vmware Spring Web Services up to 3.1.8/4.0.18/4.1.3/5.0.1 and classified as critical. This affects an unknown function. This manipulation causes insecure default initialization of resource. This vulnerability is registered as CVE-2026-40994. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability was found in Google Chrome on Linux. It has been declared as critical. This affects an unknown function of the component Codecs. The manipulation results in out-of-bounds write. This vulnerability was named CVE-2026-12019. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.