1056 matches found
EUVD-2026-33714
Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0...
CVE-2026-45544 Nextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Masking in ViewService
Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0...
CVE-2026-45544
CVE-2026-45544 affects Nextcloud Tables, part of the Nextcloud platform. From version 0.8.0 to before 1.0.4, the view filter criteria was exposed to users with read‑only permissions, enabling potential disclosure of metadata through the table view. The issue is mitigated by upgrading to Nextcloud...
CVE-2026-45544
Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0...
NextCloud Tables SQL Injection Vulnerability
NextCloud Tables is an open-source table-based application developed by NextCloud. Versions of NextCloud Tables from 0.7.0 to 0.7.7, 0.8.0 to 0.8.10, 0.9.0 to 0.9.8, and 1.0.0 to 1.0.4 have SQL injection vulnerabilities. These vulnerabilities stem from stored injection attacks, allowing...
Fedora 43 : podofo (2026-19873e3fac)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-19873e3fac advisory. Update to podof-1.0.4. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 44 : podofo (2026-5c81faa7bf)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-5c81faa7bf advisory. Update to podof-1.0.4. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Astra Linux - уязвимость в libde265
libde265 v1.0.4 contains a heap buffer overflow vulnerability in the mmloadlepi64 function, which can be exploited through a specially crafted file...
Malicious code in apex-connector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33a26a7f829a26ef83ab119b6d61de6109d553f0b34432bf1efb37d5f56f4064 The package apex-connector was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3816 Malicious code in apex-connector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33a26a7f829a26ef83ab119b6d61de6109d553f0b34432bf1efb37d5f56f4064 The package apex-connector was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in apexomni-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24e9d6ad71ac3eb0c091e0d70625e7daec5ed0352e8b8a4ed2273f2563aafad9 The package apexomni-node was found to contain malicious code. Source: ghsa-malware 7412ab94dec4136827a9aaa0f414452c3bbf8f23b2ea6820b29a1b4e8cc156f5...
Malicious code in apex-trading (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7cf744353f06f389c92cd15c56bf0ec7d29860e8af7c9618413cf65e455428eb The package apex-trading was found to contain malicious code. Source: ossf-package-analysis...
UBUNTU-CVE-2026-44348
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
EUVD-2026-30337
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
CVE-2026-44348 PoDoFo: Double-free vulnerability in compute_hash_to_sign()
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
CVE-2026-44348
PoDoFo 1.0.0 through before 1.0.4 contains a double‑free in compute_hash_to_sign() (OpenSSLInternal_Ripped.cpp). If EVP_DigestFinal fails after buf has already been freed, the Error path frees buf a second time, causing heap corruption. A fix is available in 1.0.4. Affected installations should u...
CVE-2026-44348
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
PT-2026-40963
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute hash to sign in src/podofo/private/OpenSSLInternal Ripped.cpp. If EVP DigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
agent-nexus-cli (>=0.1.0 <=0.1.31), agentiva (>=0.1.0 <=0.1.5) +24 more potentially affected by CVE-2026-45134 via langchain-classic (>=1.0.0 <=1.0.4)
langchain-classic PYPI version =1.0.0, =0.1.0, =0.1.0, =0.1.0, =3.0.3, =0.1.0, =0.1.0, =0.4.0, =0.8.0, =1.10.5, =0.4.0.dev7, =0.0.1, =0.1.2 and more Source cves: CVE-2026-45134 Source advisory: OSV:GHSA-3644-Q5CJ-C5C7...
CVE-2026-43900
DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting XSS vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer...