com.alibaba.cloud:spring-cloud-starter-alibaba-nacos-config-server (=2021.0.1.0), com.bpfaas:bps-config-server-novault-spring-cloud-starter (=3.2.2) +9 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=3.1.0 <=3.1.10)

org.springframework.cloud:spring-cloud-config-server MAVEN version =3.1.0, =2.1.4, =0.1, =6.5.0, =6.5.0, =2.0.1, =3.1.0, =2.1.0, =2.1.1 Source cves: CVE-2026-40982 Source advisory: OSV:GHSA-6G23-24MC-HX6X...

com.alibaba.cloud:spring-cloud-starter-alibaba-nacos-config-server (=2021.0.1.0), com.bpfaas:bps-config-server-novault-spring-cloud-starter (=3.2.2) +9 more potentially affected by CVE-2026-41004 via org.springframework.cloud:spring-cloud-config-server (>=3.1.0 <=3.1.10)

org.springframework.cloud:spring-cloud-config-server MAVEN version =3.1.0, =2.1.4, =0.1, =6.5.0, =6.5.0, =2.0.1, =3.1.0, =2.1.0, =2.1.1 Source cves: CVE-2026-41004 Source advisory: OSV:GHSA-J6HH-H3CF-C2HF...

com.alibaba.cloud:spring-cloud-starter-alibaba-nacos-config-server (=2021.0.1.0), com.bpfaas:bps-config-server-novault-spring-cloud-starter (=3.2.2) +9 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=3.1.0 <=3.1.10)

org.springframework.cloud:spring-cloud-config-server MAVEN version =3.1.0, =2.1.4, =0.1, =6.5.0, =6.5.0, =2.0.1, =3.1.0, =2.1.0, =2.1.1 Source cves: CVE-2026-41002 Source advisory: OSV:GHSA-86WQ-234Q-R6WG...

Astra Linux - уязвимость в libmodbus

Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length...

CVE-2025-63652 affecting package fluent-bit for versions less than 3.1.10-6

CVE-2025-63652 affecting package fluent-bit for versions less than 3.1.10-6. A patched version of the package is available...

corosync-3.1.10-4.1 on GA media (moderate)

corosync-3.1.10-4.1 on GA media Announcement ID: openSUSE-SU-2026:10488-1 Rating: moderate Cross-References: CVE-2026-35091 CVSS scores: CVE-2026-35091 SUSE : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2026-35091 SUSE : 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N...

OPENSUSE-SU-2026:10488-1 corosync-3.1.10-4.1 on GA media

These are all security issues fixed in the corosync-3.1.10-4.1 package on the GA media of openSUSE Tumbleweed...

AZL-76364 CVE-2025-63658 affecting package fluent-bit 3.1.10-4

A stack overflow in the mkhttpindexlookup function mkserver/mkhttp.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

AZL-76533 CVE-2025-63653 affecting package fluent-bit 3.1.10-4

An out-of-bounds read in the mkvhostfdtclose function mkserver/mkvhost.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

MiracleLinux 4 : squid-3.1.10-22.AXS4 (AXSA:2014-517:03)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-517:03 advisory. Description : Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional...

CVE-2025-12977 affecting package fluent-bit for versions less than 3.1.10-3

CVE-2025-12977 affecting package fluent-bit for versions less than 3.1.10-3. A patched version of the package is available...

AZL-71102 CVE-2025-12977 affecting package fluent-bit for versions less than 3.1.10-4

Fluent Bit inhttp, insplunk, and inelasticsearch input plugins fail to sanitize tagkey inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tagkey values containing special characters such as newlines or ../ that are treated as valid tags...

AZL-71111 CVE-2025-12970 affecting package fluent-bit for versions less than 3.1.10-2

The extractname function in Fluent Bit indocker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary...

cc.cc4414:cc-spring-cloud-starter-gateway (=0.8.0), cn.acyou:leo-gateway (>=1.0.0.RELEASE <=1.1.1.RELEASE) +99 more potentially affected by CVE-2025-41253 via org.springframework.cloud:spring-cloud-gateway-server (>=2.2.10.RELEASE <=3.1.10)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =2.2.10.RELEASE, =1.0.0.RELEASE, =1.1.0, =8.1.0.286, =8.1.0.286, =2.0.1, =1.1.93, =1.1.121 and more Source cves: CVE-2025-41253 Source advisory: OSV:GHSA-FWXX-WV44-7QFG...

EUVD-2023-0567

Malicious code in bioql PyPI...

EUVD-2023-0350

Malicious code in bioql PyPI...

EUVD-2023-0330

Malicious code in bioql PyPI...

EUVD-2023-0425

Malicious code in bioql PyPI...

EUVD-2023-0305

Malicious code in bioql PyPI...

EUVD-2023-0582

Malicious code in bioql PyPI...