2849360 matches found
CVE-2026-59195
pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under nodemodules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml who...
CVE-2026-13122
OpenVPN version 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication token that triggers a reachable assertion when external-auth is enabled...
Security Bulletin: IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling (CVE-2026-10109)
Summary IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling. Vulnerability Details CVEID:CVE-2026-10109 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshak...
CVE-2026-40140 High-Severity Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access
BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...
CVE-2026-40140
BeyondTrust Remote Support and Privileged Remote Access are affected by CVE-2026-40140, a pre-authentication vulnerability in the network communication subsystem. The issue stems from insufficient validation of client-supplied input, enabling an unauthenticated remote attacker to trigger a denial...
CVE-2026-59195
creationtimestamp| type| source ---|---|--- 2026-07-06 16:13:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyiac7bhz2h 2026-07-07 09:00:57+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mq2akkns5g2g...
EUVD-2026-41887
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts...
EUVD-2026-41886
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...
CVE-2026-40138
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...
CVE-2026-13708
creationtimestamp| type| source ---|---|--- 2026-07-06 16:06:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyhtqbcj22n 2026-07-06 16:57:46+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mpykq7ysww2t...
CVE-2026-58203
creationtimestamp| type| source ---|---|--- 2026-07-06 16:04:02+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyhq5g5xd27...
CVE-2025-53827
creationtimestamp| type| source ---|---|--- 2026-07-06 16:02:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyhmrqo542c 2026-07-06 17:24:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mpym7ct5ri23...
CVE-2025-53830
creationtimestamp| type| source ---|---|--- 2026-07-06 16:00:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyhjmgtvk2d 2026-07-06 16:24:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mpyity4fct2z...
CVE-2026-59196
creationtimestamp| type| source ---|---|--- 2026-07-06 15:58:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyhgmpw5b27...
CVE-2026-5268
creationtimestamp| type| source ---|---|--- 2026-07-06 15:57:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyhdrykfp22 2026-07-06 19:26:08+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mpyszhqb762x...
EUVD-2026-41885
Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel Versions Affected: before 3.0.0-M4 libsvm document categorization module; introduced in OPENNLP-1808 and only present on the 3.x line Description: SvmDoccatModel.deserializeInputStream reads an attacker-controlled stream with...
BIT-PYTHON-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...
CVE-2026-5268
Technical details about CVE-2026-5268 are not publicly provided in the supplied documents. No affected products, versions, root cause, or remediation are enumerated here. Monitor for updates and additional technical disclosures.
BIT-LIBPYTHON-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation
To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...
CVE-2026-59195
CVE-2026-59195 affects pnpm prior to versions 10.34.4 and 11.8.0. The issue arises when pnpm reads package names from the env lockfile’s configDependencies section and uses those names directly to create config dependency symlinks under node_modules/.pnpm-config. A crafted pnpm-lock.yaml with a t...