6.5
CVE-2026-34787 - Emlog: Local File Inclusion in plugin.php via unsanitized plugin parameter
Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion (LFI) vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a require_once path without proper sanitization. If the CSRF token check can…
7.2
CVE-2026-34607 - Emlog: Path Traversal in emUnZip() allows arbitrary file write leading to RCE
Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip() function (include/lib/common.php:793). When extracting ZIP archives (plugin/template uploads, backup imports), the function calls $zip->extractTo($path) without sanit…
6.1
CVE-2026-34229 - Emlog: Stored XSS in Comment Module via URI Scheme Validation Bypass
Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting (XSS) vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8.
8.7
CVE-2026-34228 - Emlog: CSRF in Backend Upgrade Interface Leading to Arbitrary Remote SQL Execution and Arbitrary Fi…
Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP URLs via GET parameters. The server first downloads and executes the SQL file, then downloads the ZIP file and extracts it directly into the web root directory. This pro…
7.7
CVE-2017-20238 - Hirschmann Industrial HiVision Improper Authorization Privilege Escalation
Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such as …
5.3
CVE-2026-35468 - nimiq/core-rs-albatross: Panic in history index request handlers when a full node runs without the …
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.history_store.history_index().un…
7.5
CVE-2026-33184 - nimiq/core-rs-albatross: Discovery handshake limit could underflow and later provoke a deterministi…
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, the discovery handler accepts a peer-controlled limit during handshake and stores it unchanged. The immediate HandshakeAck path then honors limit…
4.9
CVE-2026-34061 - nimiq/core-rs-albatross: Macro block proposal interlink bug
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest validat…
5.9
CVE-2026-34052 - LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)
LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send r…
5.1
CVE-2026-33709 - JupyterHub has an Open Redirect Vulnerability
JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to version 5.4.4, an open redirect vulnerability in JupyterHub allows attackers to construct links which, when clicked, take users to the JupyterHub login page, after which they are sent to an arbitrar…