Logo
Retour à la veille

CVE-2026-20746

Publié : 12 juin 2026
Modifié : 12 juin 2026
Lien officiel NVD

Description détaillée

Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values.

Références et Patchs

https://docs.pingidentity.com/pingdirectory/11.0/release_notes/pd_release_notes.html#pingdirectory-suite-of-products-11-0-0-1-march-2026https://support.pingidentity.com/s/article/SECADV052-Denial-of-Service-via-copying-virtual-attributeshttps://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html

Dernières Vulnérabilités

CVE-2026-9271

Vulnerability Title

VOIR DÉTAILS

CVE-2026-9269

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

VOIR DÉTAILS

CVE-2026-12060

Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the Heptabase application, thereby gaining unauthorized access to camera and microphone permissions.

VOIR DÉTAILS