AutoGPT 资源管理错误漏洞

AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. In versions 0.4.2 to 0.6.51 of AutoGPT, there was a resource management vulnerability. This vulnerability occurred because the downloadagentfile endpoint created temporary files without...

@squawk/airports (>=0.2.0 <=0.6.1), @squawk/airspace (>=0.2.3 <=0.8.0) +7 more potentially affected by unknown CVE via @squawk/units (=0.4.2)

@squawk/units NPM version =0.4.2 is affected by a known vulnerability. The following packages have a transitive dependency on @squawk/units and may be impacted: - @squawk/airports =0.2.0, =0.2.3, =0.2.0, =0.1.0, =0.2.0, =0.3.0, =0.2.0, =0.2.0, =0.2.0, =0.4.1 Source cves: unknown CVE Source...

Astra Linux - уязвимость в ruby2.5

In the CGI gem before version 0.4.2 for Ruby, there is a Regular Expression Denial of Service ReDoS vulnerability in the UtilescapeElement method...

CVE-2026-37538

Buffer overflow vulnerability in socketcand 0.4.2 in file socketcand.c in function main allows attackers to cause a denial of service or other unspecified impacts via crafted busname...

CVE-2026-37538

Buffer overflow vulnerability in socketcand 0.4.2 in file socketcand.c in function main allows attackers to cause a denial of service or other unspecified impacts via crafted busname...

socketcand 安全漏洞

socketcand is a CAN bus network service daemon from the personal developer Jan-Niklas Meier. A security vulnerability exists in socketcand version 0.4.2, which stems from a buffer overflow in the main function in the socketcand.c file, allowing an attacker to cause a denial of service or other...

CVE-2026-37538

Buffer overflow vulnerability in socketcand 0.4.2 in file socketcand.c in function main allows attackers to cause a denial of service or other unspecified impacts via crafted busname...

Amazon Linux 2 : python-jwcrypto, --advisory ALAS2-2026-3254 (ALAS-2026-3254)

The version of python-jwcrypto installed on the remote host is prior to 0.4.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3254 advisory. JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker...

CVE-2026-6998

A vulnerability was detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. Affected is an unknown function of the component New RMON Statistics Page. The manipulation of the argument Owner results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used...

CVE-2026-6996

A weakness has been identified in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This affects an unknown function of the component rmon event Tab. Executing a manipulation of the argument Description can lead to cross site scripting. The attack may be launched remotely. The exploit has been made availab...

CVE-2026-6997 BDCOM P3310D New RMON History cross site scripting

A security vulnerability has been detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This impacts an unknown function of the component New RMON History Page. The manipulation of the argument Owner leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been...

BDCOM P3310D 跨站脚本漏洞

The BDCOM P3310D is an Ethernet switch device designed for access layer networks by the BDCOM company in China. The version BDCOM P3310D 0.4.2 10.1.0F Build 86345 contains a cross-site scripting vulnerability. This vulnerability stems from the operation of the Description parameter in the rmon...

PT-2026-35171

A security vulnerability has been detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This impacts an unknown function of the component New RMON History Page. The manipulation of the argument Owner leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been...

built-in-math-eval (>=0.1.0 <=0.3.1), function-plot (>=1.0.0 <=1.14.0) +1 more potentially affected by CVE-2026-41507 via math-codegen (>=0.2.5 <=0.4.2)

math-codegen NPM version =0.2.5, =0.1.0, =1.0.0, =0.2.0, =0.5.2 Source cves: CVE-2026-41507 Source advisory: SNYK:JS-MATHCODEGEN-16420747...

CVE-2026-28207

Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability CWE-78 in the Zen C compiler allows local attackers to execute arbitrary shell commands by providing a specially crafted output filename via the -o...

CVE-2026-28207

Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability CWE-78 in the Zen C compiler allows local attackers to execute arbitrary shell commands by providing a specially crafted output filename via the -o...

CVE-2026-28207

Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability CWE-78 in the Zen C compiler allows local attackers to execute arbitrary shell commands by providing a specially crafted output filename via the -o...

CVE-2026-28207 Zen-C Vulnerable to Command Injection via Malicious Output Filename

Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability CWE-78 in the Zen C compiler allows local attackers to execute arbitrary shell commands by providing a specially crafted output filename via the -o...

EUVD-2026-8908

Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability CWE-78 in the Zen C compiler allows local attackers to execute arbitrary shell commands by providing a specially crafted output filename via the -o...

CVE-2026-28207

CVE-2026-28207 (Zen C) : Prior to 0.4.2, Zen C’s compiler could be tricked into executing arbitrary shell commands via a crafted output filename passed to -o. The flaw resided in the main.c logic where a command string was built by concatenating arguments and executed with system(), allowing shel...