12943 matches found
com.espertech:esperio-springjms (=9.0.0), org.apache.activemq.tooling:activemq-maven-plugin (>=6.0.0 <=6.2.3) +5 more potentially affected by CVE-2026-41044 via org.apache.activemq:activemq-all (>=6.0.0 <=6.2.3)
org.apache.activemq:activemq-all MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.3 Source cves: CVE-2026-41044 Source advisory: OSV:GHSA-MR6M-XJ7V-3CV3...
CVE-2026-5121 affecting package libarchive for versions less than 3.7.7-6
CVE-2026-5121 affecting package libarchive for versions less than 3.7.7-6. A patched version of the package is available...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the GET routes that change state. An attacker can cause authenticated users to unintentionally delete files or create directories by tricking them into visiting a crafted URL, as there is no validatio...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the GET routes that change state. An attacker can cause authenticated users to unintentionally delete files or create directories by tricking them into visiting a crafted URL, as there is no validatio...
CVE-2026-40903
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUBTOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6...
CVE-2026-40903
CVE-2026-40903 – Goshs ArtiPACKED vulnerability : goshs is a SimpleHTTPServer written in Go. Before 2.0.0-beta.6, it is affected by an ArtiPACKED vulnerability that can lead to leakage of the GITHUB_TOKEN through workflow artifacts, even if the token is not present in the repository source code. ...
CVE-2026-40903 Goshs - ArtiPACKED Vulnerability – GitHub Actions Credential Persistence
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUBTOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6...
CVE-2026-40884 goshs: Empty-username SFTP password authentication bypass in goshs
goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does not install any SFTP...
CVE-2026-40884
CVE-2026-40884 (goshs) affects the SFTP service in goshs, a Go SimpleHTTPServer. Before 2.0.0-beta.6, starting the server with the documented empty-username basic-auth syntax (for example, -b ':pass' together with -sftp) can bypass SFTP password authentication because no password handler is insta...
PT-2026-34060
Name of the Vulnerable Software and Affected Versions goshs versions prior to 2.0.0-beta.6 Description goshs is a SimpleHTTPServer written in Go. An ArtiPACKED issue allows the leakage of the GITHUB TOKEN through workflow artifacts, even when the token is not included in the repository source cod...
[SECURITY] Fedora 44 Update: kf6-threadweaver-6.25.0-1.fc44
KDE Frameworks 6 Tier 1 addon for advanced thread management...
[SECURITY] Fedora 44 Update: kf6-kiconthemes-6.25.0-1.fc44
KDE Frameworks 6 Tier 3 integration module with icon themes...
CVE-2026-3784 affecting package curl for versions less than 8.11.1-6
CVE-2026-3784 affecting package curl for versions less than 8.11.1-6. A patched version of the package is available...
CVE-2026-35388 affecting package openssh for versions less than 9.8p1-6
CVE-2026-35388 affecting package openssh for versions less than 9.8p1-6. A patched version of the package is available...
Timing Attack
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Timing Attack via the login endpoint. An attacker can determine whether a username or email exists in the database by...
Parse Server 安全漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 9.8.0-alpha.6 and 8.6.74. These vulnerabilities stemmed from differences in login endpoint...
CVE-2026-25727 affecting package rust for versions less than 1.90.0-6
CVE-2026-25727 affecting package rust for versions less than 1.90.0-6. A patched version of the package is available...
CVE-2026-25541 affecting package rust for versions less than 1.90.0-6
CVE-2026-25541 affecting package rust for versions less than 1.90.0-6. A patched version of the package is available...
CVE-2026-3731 affecting package libssh for versions less than 0.10.6-6
CVE-2026-3731 affecting package libssh for versions less than 0.10.6-6. A patched version of the package is available...
strongSwan CVE-2026-25075 Vulnerability Assessment Tool
This tool allows you to safely detect whether a strongSwan VPN server is vulnerable to CVE-2026-25075 without causing any disruption. CVE-2026-25075 is an integer underflow vulnerability in strongSwan's EAP-TTLS plugin that allows remote, unauthenticated attackers to crash the IKE daemon through ...