NuytsTech Security

NuytsTech Security

CVE-2026-5795

In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without...

CVE-2026-35023

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the item_id parameter lacks proper authorization checks. Attackers can enumerate sequential item_id values to access and...

CVE-2026-31411

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() Reproducer available at [1]. The ATM send path (sendmsg -> vcc_sendmsg -> sigd_send)...

CVE-2026-2509

The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget’s Custom Attributes field in all versions up to, and including, 2.0.8. This is due to an incomplete...

CVE-2026-5600

A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an...

CVE-2026-5302

CORS misconfiguration in CoolerControl/coolercontrold

CVE-2026-5301

Stored XSS in log viewer in CoolerControl/coolercontrol-ui

CVE-2026-5300

Unauthenticated functionality in CoolerControl/coolercontrold

CVE-2026-28261

Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access...

CVE-2026-27102

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. More information...

CVE-2026-24511

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information...

CVE-2026-5208

Command injection in alerts in CoolerControl/coolercontrold

CVE-2026-3396

WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the ‘post-author’ parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter...

CVE-2026-3243

The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the create_crop function in all versions up to, and including, 1.2.5. This makes...