๐ด CVE-2026-30884 - Critical (9.6)
mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds `mod/customcert:manage` in any single course...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-30884/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-32693 - High (8.8)
In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool lo...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-32693/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-32692 - High (7.6)
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attack...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-32692/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-22171 - High (8.2)
OpenClaw versions prior to 2026.2.19 contain a path traversal vulnerability in the Feishu media download flow where untrusted media keys are interpolated directly into temporary file paths in extensions/feishu/src/media.ts. An attacker who can con...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-22171/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-29112 - High (7.5)
DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the `ensureSize()` function in `@dicebear/converter` read the `width` and `height` attributes from the input SVG to determine the output canvas size for rasterizat...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-29112/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-30922 - High (7.5)
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a ...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-30922/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ด CVE-2026-30884 - Critical (9.6)
mdjnelson/moodle-mod_customcert is a Moodle plugin for creating dynamically generated certificates with complete customization via the web browser. Prior to versions 4.4.9 and 5.0.3, a teacher who holds `mod/customcert:manage` in any single course...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-30884/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-31891 - High (7.7)
Cockpit is a headless content management system. Any Cockpit CMS instance running version 2.13.4 or earlier with API access enabled is potentially affected by a a SQL Injection vulnerability in the MongoLite Aggregation Optimizer. Any deployment w...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-31891/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ CVE-2026-31898 - High (8.1)
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the `createAnnotation` method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsani...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-31898/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
๐ด CVE-2026-31938 - Critical (9.6)
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the `options` argument of the `output` function allows attackers to inject arbitrary HTML (such as scripts) into the browser context the created PDF is open...
๐ https://www.thehackerwire.com/vulnerability/CVE-2026-31938/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
TheHackerWire