193 matches found

EUVD
added 2026/05/29 12:9 p.m. | 6 views

EUVD-2026-33282

Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...

CVSS 10 | AI score 5.8 | EPSS 0.00079
Exploits: 0 | References: 1

Cvelist
added 2026/05/11 9:25 p.m. | 29 views

CVE-2026-42188 Geyser: Server-Side Request Forgery (SSRF) via Player Head Texture URL

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery (SSRF) vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...

CVSS 2.4 | EPSS 0.00025
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/11 9:25 p.m. | 5 views

CVE-2026-42188 Geyser: Server-Side Request Forgery (SSRF) via Player Head Texture URL

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery (SSRF) vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...

CVSS 2.4 | AI score 5.9 | EPSS 0.00025
Exploits: 0 | References: 1

Cvelist
added 2026/03/25 5:7 p.m. | 19 views

CVE-2026-27496 n8n has In-Process Memory Disclosure in its Task Runner

n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...

CVSS 7.1 | EPSS 0.00041
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/25 5:7 p.m. | 1 views

CVE-2026-27496 n8n has In-Process Memory Disclosure in its Task Runner

n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...

CVSS 7.1 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 3

vulnersOsv
added 2026/03/13 8:51 p.m. | 4 views

2mxdev-gql-gateway (=1.0.0), @2mxdev/gql-gateway (>=1.0.0 <=4.0.2) +272 more potentially affected by CVE-2026-32621 via @apollo/gateway (>=0.10.4 <=2.9.3)

@apollo/gateway NPM version =0.10.4, =1.0.0, =1.0.0, =0.0.7, =0.0.1-feature-ci-publish.2, =0.0.1-feature-ci-publish.2, =0.6.5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.0.22 and more Source cves: CVE-2026-32621 Source advisory: OSV:GHSA-PFJJ-6F4P-RVMH...

CVSS 9.9 | AI score 5.8 | EPSS 0.00043
Exploits: 0

CVE
added 2026/02/25 10:19 p.m. | 24 views

CVE-2026-27577

CVE-2026-27577 concerns n8n’s expression evaluation in workflow parameters, enabling remote code execution when an authenticated user with workflow edit rights crafts expressions. The issue is the expression sandbox escape leading to unintended host command execution. Affected releases are before...

CVSS 9.9 | AI score 5.8 | EPSS 0.00175
Exploits: 26 | References: 5 | Affected Software: 1

CVE
added 2026/02/25 10:16 p.m. | 14 views

CVE-2026-27497

CVE-2026-27497 is connected to the n8n advisory GHSA-WXX7-MCGF-J869, which documents a remote code execution risk in the Merge node when used in SQL query mode. An authenticated user with permission to create or modify workflows can cause arbitrary code execution and write files on the n8n server...

CVSS 9.4 | AI score 6.3 | EPSS 0.00076
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2026/02/25 12:0 a.m. | 3 views

n8n Code Injection Vulnerability

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.10.1, 2.9.3, and 1.123.22 contained a code injection vulnerability. This vulnerability stemmed from defects in the JavaScript Task Runner sandbox, which could allow authenticated users with...

CVSS 9.9 | AI score 7.2 | EPSS 0.00104
Exploits: 0 | References: 5

OSV
added 2026/01/15 12:0 a.m. | 0 views

OPENSUSE-SU-2026:10054-1 php-composer2-2.9.3-1.1 on GA media

These are all security issues fixed in the php-composer2-2.9.3-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 5.3 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 1

Tenable Nessus
added 2026/01/13 12:0 a.m. | 2 views

Fedora 43 : composer (2026-0b03072979)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0b03072979 advisory. Version 2.9.3 - 2025-12-30. Security: Fixed ANSI sequence injection (GHSA-59pp-r3rg-353g / CVE-2025-67746). Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being...

CVSS 5.3 | AI score 6 | EPSS 0.00018
Exploits: 0 | References: 2

Snyk
added 2025/12/30 4:44 p.m. | 3 views

Improper Encoding or Escaping of Output

Overview: composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output for certain ConsoleI...

CVSS 5.3 | AI score 7 | EPSS 0.00018
Exploits: 0 | References: 2

UbuntuCve
added 2025/12/30 4:15 p.m. | 3 views

CVE-2025-67746

Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and...

CVSS 5.3 | AI score 5.9 | EPSS 0.00018
Exploits: 0 | References: 6

OSV
added 2025/12/30 4:15 p.m. | 0 views

UBUNTU-CVE-2025-67746

Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and...

CVSS 5.3 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 7

EUVD
added 2025/12/30 4:11 p.m. | 1 views

EUVD-2025-205815

Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and...

CVSS 5.3 | AI score 6.2 | EPSS 0.00018
Exploits: 0 | References: 5

CNNVD
added 2025/12/30 12:0 a.m. | 3 views

Composer Injection Vulnerability

Composer is an open source application that provides declaration, management and installation of PHP project dependencies. An injection vulnerability exists in Composer versions prior to 2.2.26 and prior to 2.9.3, which stems from the possibility that an attacker could inject ANSI control...

CVSS 5.3 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 5

RedHat Linux
added 2025/10/23 5:50 p.m. | 2 views

Important: Red Hat Security Advisory: Streams for Apache Kafka 2.9.3 release and security update

Streams for Apache Kafka 2.9.3 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 6.6 | EPSS 0.00063
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-24778

Malicious code in bioql PyPI...

CVSS 9.9 | AI score 6.5 | EPSS 0.00103
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-51662

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.3 | EPSS 0.01134
Exploits: 2 | References: 1

Tenable Nessus
added 2025/08/25 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-7688

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects wher...

CVSS 7.1 | AI score 6.7 | EPSS 0.00165
Exploits: 0 | References: 2