25 matches found
CVE-2026-35049
The CVE-2026-35049 entry affects the wire-ios iOS client. Before version 4.16.0, processing a crafted Proteus external message with an encrypted payload under 16 bytes causes an automatic crash after receipt. The malicious message remains in the conversation and causes a crash loop on relaunch, p...
AstrBot Makes Use of Hard-coded Password
A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the internal stream buffers SmtpStream, ImapStream, and Pop3Stream not being flushed during the STARTTLS upgrade process. An attacker c...
CVE-2026-33874
Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik...
CVE-2026-33875 Authenticator Vulnerable to Authentication Flow Hijack
Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...
CVE-2026-33874 Authenticator vulnerable to Remote Code Execution
Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik...
CVE-2026-33874
The issue concerns the Mac OS version of the gematik Authenticator. From version 4.12.0 up to, but not including, 4.16.0, it is affected by a remote code execution vulnerability triggered when a user opens a malicious file. The vulnerability’s impact is rated high with local access and user inter...
PT-2026-28546
Name of the Vulnerable Software and Affected Versions: Gematik Authenticator versions prior to 4.16.0. Description: Gematik Authenticator is used to securely authenticate users for login to digital health applications. Versions prior to 4.16.0 are susceptible to authentication flow hijacking. An...
Authenticator Security Vulnerability
Authenticator is an authentication tool developed by Authenticator Extension. Versions of Authenticator prior to 4.16.0 contained a security vulnerability. This vulnerability stemmed from the possibility that the authentication process could be hijacked, allowing attackers to use the identity of...
PT-2026-28545
Name of the Vulnerable Software and Affected Versions: Gematik Authenticator versions 4.12.0 through 4.15.9. Description: The Gematik Authenticator, used for secure user authentication in digital health applications, has a flaw on Mac OS systems. Opening a specially crafted file can lead to remote...
Authenticator OS Command Injection Vulnerability
Authenticator is an authentication tool developed by Authenticator Extension. Versions of Authenticator from 4.12.0 to 4.16.0 contained a vulnerability related to operating system command injection. This vulnerability could lead to remote code execution when the victim opens malicious files on a...
OPENSUSE-SU-2026:10312-1 python311-pymongo-4.16.0-1.1 on GA media
These are all security issues fixed in the python311-pymongo-4.16.0-1.1 package on the GA media of openSUSE Tumbleweed...
Apache CloudStack Security Vulnerability
Apache CloudStack is a suite of Infrastructure-as-a-Service (IaaS) cloud computing platforms from the Apache USA Foundation. The platform is primarily used to deploy and manage large networks of virtual machines. A security vulnerability exists in Apache CloudStack version 4.16.0 that stems from th...
Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.16.0 security, enhancement & bug fix update
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.16.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...
Critical: Red Hat Security Advisory: OpenShift Container Platform 4.16.0 security and extras update
Red Hat OpenShift Container Platform release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
Design/Logic Flaw
Several versions of ALEOS, including ALEOS 4.16.0, include an open-source third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal...
Hardcoded credentials
Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man-in-the-middle attack between the ACEManager client and ACEManager server...
CVE-2023-40465 Improper input leads to DoS
Several versions of ALEOS, including ALEOS 4.16.0, include an open-source third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal...