124 matches found
@alivault/pico (>=0.1.0 <=0.1.2), @ardeora/start-devtools (>=1.0.0 <=1.0.1) +109 more potentially affected by unknown CVE via @tanstack/start-server-core (>=1.121.0-alpha.28 <=1.167.30)
@tanstack/start-server-core NPM version =1.121.0-alpha.28, =0.1.0, =1.0.0, =0.0.1, =0.5.2, =0.1.1, =0.0.4, =1.0.0, =0.2.0, =0.2.0, =0.1.1, =0.2.0, =0.2.0, =0.1.14, =0.1.0, =0.1.38 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3490...
EUVD-2026-3490
EUVD-2026-3490...
MiracleLinux 3 : wget-1.11.4-2.1.1AXS3 (AXSA:2009-420:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2009-420:01 advisory. GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are...
EUVD-2024-21388
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-3490
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The eBPF ALU32 bounds tracking for bitwise ops AND, OR and XOR in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of boun...
CVE-2024-23962
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue...
CVE-2024-23962 Alpine Halo9 Missing Authentication
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue...
(Pwn2Own) Alpine Halo9 Missing Authentication Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue...
PT-2024-20204 · Alpine · Alpine Halo9
Name of the Vulnerable Software and Affected Versions: Alpine Halo9 devices (affected versions not specified). Description: This issue allows remote attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The specific flaw exists...
CVE-2024-3490 WP Recipe Maker <= 9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wprm-recipe-roundup-item shortcode in all versions up to, and including, 9.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2023-2415)
The remote host is missing an update for the Huawei EulerOS...
CVE-2023-3490
SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3...
CVE-2023-3490
CVE-2023-3490 affects fossbilling/fossbilling prior to 0.5.3. The vulnerability is a SQL injection in the KB module’s searchArticles path where the per_page input is used unsafely in getSimpleResultSet, enabling manipulation of the query. NVD/SECURITY docs rate the impact as CRITICAL (CVSS 3.1/3....
CVE-2023-3490 SQL Injection in fossbilling/fossbilling
SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3...
RHEL 9 : kpatch-patch (RHSA-2023:3490)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3490 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2023-1927)
The remote host is missing an update for the Huawei EulerOS...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Python (CVE-2022-45061)
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Python, caused by an unnecessary quadratic algorithm that exists in one path when processing some inputs to the IDNA RFC 3490 decoder (CVE-2022-45061). Python is used by our service runtime...
Amazon Linux AMI : python38 (ALAS-2023-1714)
The version of python38 installed on the remote host is prior to 3.8.5-1.9. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1714 advisory. An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing...
Oracle Linux 8 : python3 (ELSA-2023-0833)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0833 advisory. 3.6.8-48.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-48.1 - Security fixes for CVE-2020-10735, CVE-2021-28861 and...
K43346111: Linux kernel eBPF vulnerability CVE-2021-3490
Security Advisory Description: The eBPF ALU32 bounds tracking for bitwise ops AND, OR and XOR in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via...