11418 matches found
EUVD-2026-31738
Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module...
CVE-2026-48589
Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the Jakarta EE module...
CVE-2018-25378
Notebook Pro 2.0 is affected by a local denial-of-service vulnerability in the New Notebook Name field. An attacker can crash the application by supplying a string of 500+ characters, e.g., via a crafted text file pasted into the name field and attempting to create/save the notebook. The vulnerab...
Apache Shiro 安全漏洞
Apache Shiro is a set of Java security frameworks for performing authentication, authorization, encryption, and session management from the Apache Foundation USA. A security vulnerability exists in Apache Shiro versions 2.0-alpha through 2.2.0 and 3.0.0-alpha-1, which stems from insufficient...
Unity Linux 20.1070e Security Update: wildfly-core (UTSA-2026-016736)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016736 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...
Unity Linux 20.1070e Security Update: netty (UTSA-2026-016700)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016700 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...
Unity Linux 20.1070e Security Update: netty (UTSA-2026-016738)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016738 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...
Unity Linux 20.1070e Security Update: infinispan (UTSA-2026-016719)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016719 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...
CVE-2026-7887 For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status
For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status. A user with uIsActive=0 suspended, banned, terminated employee can still authenticate via OAuth and receive valid API tokens. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score o...
Astra Linux – Vulnerability in gtk+3.0, gtk+2.0
A flaw was discovered in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory...
@agentscope-ai/chat (>=1.1.43 <=1.1.68-beta.1780902884191), @ant-design/charts (>=2.2.2 <=2.6.7) +72 more potentially affected by unknown CVE via @antv/g-svg (>=2.0.0 <=2.1.1)
@antv/g-svg NPM version =2.0.0, =1.1.43, =2.2.2, =2.0.0, =1.0.0, =1.1.0, =2.0.0, =2.0.0, =0.1.6, =0.1.0, =0.1.0, =1.2.0, =2.0.28, =0.0.18, =0.0.23 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGSVG-16754949...
MAL-2026-3715 Malicious code in solc-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2016baa4fe29c296464b8381f88440457a113d79e2773d2252eb609a15ea2e03 package.json's postinstall lifecycle script runs node -e to base64-decode a hidden URL and pipe its contents to bash: curl -s...
PT-2026-39460
A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlib worker loop in the library /usr/xpro/upf/tools/libs/libvlib.so of the component UPF Process. The manipulation results in denial of service. The vendor was contacted early about this disclosure...
CVE-2026-39816 Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService
The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...
Paying Ransom Won’t Help as VECT 2.0 Ransomware Destroys Data Irreversibly
VECT 2.0 ransomware contains fatal flaws that permanently destroy files, making recovery impossible and rendering ransom payments useless for victims worldwide...
ai.platon.pulsar:pulsar-persist (>=1.9.0 <=1.10.23), be.eliwan:eoddata-client (=1.0) +2590 more potentially affected by CVE-2026-42402 via org.apache.neethi:neethi (>=2.0 <=3.2.1)
org.apache.neethi:neethi MAVEN version =2.0, =1.9.0, =1.1.7, =1.1.9, =1.2.5, =3.00.4, =3.00.3, =4.00.10, =11.4-37, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.1.0.RELEASE and more Source cves: CVE-2026-42402 Source advisory: OSV:GHSA-G36M-9G3M-2VMP...
CVE-2026-7151
A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed an...
CVE-2026-7160
A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed...
CVE-2026-7151
A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed an...
CVE-2026-7151
A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed an...