358 matches found
CVE-2026-45686
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing...
CVE-2026-45667 Open WebUI: Unauthenticated endpoint can trigger embedding generation (cost/DoS)
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.app.state.EMBEDDINGFUNCTION.... This allows any unauthenticated caller to trigger embedding generati...
CVE-2026-34933 affecting package avahi for versions less than 0.8-8
CVE-2026-34933 affecting package avahi for versions less than 0.8-8. A patched version of the package is available...
openwebui-token-tracking (>=0.1.7 <=0.1.10), sillikalm (>=0.1.0 <=0.1.5) potentially affected by CVE-2026-44553 via open-webui (>=0.6.0 <=0.8.8)
open-webui PYPI version =0.6.0, =0.1.7, =0.1.0, =0.1.5 Source cves: CVE-2026-44553 Source advisory: SNYK:PYTHON-OPENWEBUI-16599150...
Apache Atlas has a Code Injection Vulnerability
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. An attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data. Affected...
GHSA-35XX-9XRG-GWHF Apache Atlas has a Code Injection Vulnerability
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. An attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data. Affected...
ai.h2o:h2o-orc-parser (>=3.10.0.5 <=3.10.3.6), co.cask.hydrator:hive-plugins (>=1.2.0 <=2.1.2) +90 more potentially affected by CVE-2026-40563 via org.apache.atlas:atlas-intg (>=0.8-incubating <=2.4.0)
org.apache.atlas:atlas-intg MAVEN version =0.8-incubating, =3.10.0.5, =1.2.0, =0.1.1, =0.1.1, =0.1.1, =0.2.7, =2.2.0, =2.8.0 - io.github.hiverunner:hiverunner =7.0.0 - io.starburst.openx.data:json-serde =1.3.9-e.8 - io.starburst.openx.data:json-serde-cdh7-shim =1.3.9-e.8 -...
CVE-2026-40563
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. An attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data. Affect...
CVE-2026-40563 Apache Atlas: Script injection allows access to unintended data
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. An attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data. Affect...
CVE-2026-6849 OS Command Injection in TUBITAK BILGEM's Pardus OS My Computer
Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection. This issue affects Pardus OS My Computer: from =0.7.5 before 0.8.0...
CVE-2025-68468 affecting package avahi for versions less than 0.8-6
CVE-2025-68468 affecting package avahi for versions less than 0.8-6. A patched version of the package is available...
CVE-2026-24401 affecting package avahi for versions less than 0.8-7
CVE-2026-24401 affecting package avahi for versions less than 0.8-7. A patched version of the package is available...
CVE-2025-68471 affecting package avahi for versions less than 0.8-6
CVE-2025-68471 affecting package avahi for versions less than 0.8-6. A patched version of the package is available...
CVE-2025-68276 affecting package avahi for versions less than 0.8-6
CVE-2025-68276 affecting package avahi for versions less than 0.8-6. A patched version of the package is available...
CVE-2026-24401 affecting package avahi for versions less than 0.8-5
CVE-2026-24401 affecting package avahi for versions less than 0.8-5. A patched version of the package is available...
CVE-2025-68471 affecting package avahi for versions less than 0.8-5
CVE-2025-68471 affecting package avahi for versions less than 0.8-5. A patched version of the package is available...
CVE-2025-68276 affecting package avahi for versions less than 0.8-5
CVE-2025-68276 affecting package avahi for versions less than 0.8-5. A patched version of the package is available...
CVE-2025-68468 affecting package avahi for versions less than 0.8-5
CVE-2025-68468 affecting package avahi for versions less than 0.8-5. A patched version of the package is available...
AZL-75204 CVE-2026-24401 affecting package avahi for versions less than 0.8-5
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record, where the alias and canonica...