2953 matches found
CVE-2026-36438
The CVE-2026-36438 entry concerns Intelbras VIP-1230-D-G4, firmware V2.800.00IB00C.0.T. A vulnerability in the password reset functionality under /OutsideCmd could allow a remote attacker to obtain sensitive information. The provided sources indicate an information-disclosure issue but do not spe...
com.drobisch:flink-connector-elasticsearch-e2e-tests-common (>=4.0.0-serde-fixes <=4.0.5-fault-tolerant), com.drobisch:flink-connector-elasticsearch6-e2e-tests (>=4.0.0-serde-fixes <=4.0.5-fault-tolerant) +25 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-api-java (>=2.0.0 <=2.0.1)
org.apache.flink:flink-table-api-java MAVEN version =2.0.0, =4.0.0-serde-fixes, =4.0.0-serde-fixes, =4.0.0-serde-fixes, =26.0.0, =0.2.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 and more Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...
CVE-2026-43989
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...
NPM: n8n Has an XML Node Prototype Pollution Patch Bypass
NPM: n8n Has an XML Node Prototype Pollution Patch Bypass vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...
[SECURITY] [DSA 6270-1] postgresql-17 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6270-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 14, 2026 https://www.debian.org/security/faq -...
CVE-2026-43991
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument constructions, allowing unauthorized command execution on the host when combined with the companion...
CVE-2026-43992
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool sendtokens, executecontract, instantiatecontract, uploadwasm, ibctransfer, etc. accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was consequently embedded in th...
CVE-2026-43993
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1...
EUVD-2026-29542
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1...
EUVD-2026-29539
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's runcommand wrapped every agent-supplied command in 'sh -c' / 'cmd /C' and passed the full argument string to the shell's parser, allowing shell metacharacters in agent-supplied arguments to be...
EUVD-2026-29538
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...
PT-2026-40105
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1...
PT-2026-40102
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's run command wrapped every agent-supplied command in 'sh -c' / 'cmd /C' and passed the full argument string to the shell's parser, allowing shell metacharacters in agent-supplied arguments to be...
-fides-amor-et-lux (=1.0.0), -price-checker (>=1.0.0 <=1.0.5) +35597 more potentially affected by CVE-2026-45736 via ws (>=8.0.0 <=8.20.0)
ws NPM version =8.0.0, =1.0.0, =1.0.0, =1.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =1.0.0-beta.3 - 0g-vibekit =0.1.0 - 0g-zksettlement-client =1.0.0 and more Source cves: CVE-2026-45736 Source advisory: SNYK:JS-WS-16722635...
Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017515)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017515 advisory. In ParseMetaGeometry of MagickCore/geometry.c, image height and width calculations can lead to divide- by-zero conditions which also lead to undefined behavior. This...
Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017608)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017608 advisory. A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form...
Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017563)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017563 advisory. A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior...
Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017602)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017602 advisory. A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in...
Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017620)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017620 advisory. A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined...
Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017520)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017520 advisory. In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions...