312 matches found
CVE-2026-10152
A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attac...
CVE-2026-49139
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
CVE-2026-49139
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
CVE-2026-49138 Nanobot < 0.2.1 SSRF via web_fetch Tool Redirect Following
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the webfetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the...
PT-2026-45560
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the web fetch tool that allows remote attackers to reach internal or private network hosts by supplying a URL that redirects to a loopback or private address via a 3xx Location header. Attackers can exploit the...
WordPress Query Shortcode plugin <= 0.2.1 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated Contributor+ Local File Inclusion vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Query Shortcode versions = 0.2.1...
CVE-2026-9200 Query Shortcode <= 0.2.1 - Authenticated (Contributor+) Local File Inclusion via 'lens' Shortcode Attribute
The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.2.1 via the shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary .php files on the...
CVE-2026-9200 Query Shortcode <= 0.2.1 - Authenticated (Contributor+) Local File Inclusion via 'lens' Shortcode Attribute
The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.2.1 via the shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary .php files on the...
[SECURITY] Fedora 43 Update: rust-eif_build-0.2.1-7.fc43
This CLI tool provides a low level path to assemble an enclave image format EIF file used in AWS Nitro Enclaves...
CVE-2026-9133
Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme arn:aws-debug:file accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the...
EUVD-2026-31181
Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme arn:aws-debug:file accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the...
CVE-2026-9133 Arbitrary file read in rabbitmq-aws plugin
Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme arn:aws-debug:file accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the...
CVE-2026-9133
CVE-2026-9133 affects the rabbitmq-aws plugin’s ARN resolver. Active debug code enables a debug ARN scheme (arn:aws-debug:file) that is accepted by PUT /api/aws/arn/validate, allowing remote authenticated users to perform arbitrary file reads on files accessible to the RabbitMQ process. This issu...
CVE-2026-44368
PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mulmod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand the exponent. An attacker who can measure the time of...
CVE-2026-44368
PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mulmod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand the exponent. An attacker who can measure the time of...
CVE-2026-44368 PyQuorum: Timing side‑channel in mul_mod
PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mulmod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand the exponent. An attacker who can measure the time of...
CVE-2026-44368
PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mulmod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand the exponent. An attacker who can measure the time of...
Timing Attack
Overview pyquorum is a Cryptographic library for secret sharing and key management, powered by Rust Affected versions of this package are vulnerable to Timing Attack via mulmod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the...
Off-by-one Error
Overview Affected versions of this package are vulnerable to Off-by-one Error in the suffixtrie process. An attacker can bypass domain filtering by altering the first character of a domain name, allowing unauthorized access to restricted domains. Remediation Upgrade...
GHSA-CRH9-3GJH-M6GC api-lab-mcp vulnerable to SSRF
A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyzeapispec/generatetestscenarios/testhttpendpoint of the file src/mcp/http-server.ts of the component HTTP Interface. This manipulation of the argument source/url causes server-side request forgery. T...