CVE-2026-1709 Keylime: keylime: authentication bypass allows unauthorized administrative operations due to missing client-side tls authentication

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

SUSE CVE-2026-22029

React Router is a router for React. In @remix-run/router version prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router and Remix v1/v2 SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs...

SUSE CVE-2026-22030

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing

React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to the improper origin checks of UI route submissions in server-side route action handlers in Framework Mode. An attacker can execute unauthorized actions by tricking a user into submitting a crafted...

@accounter/client (>=0.0.3 <=0.0.9-alpha-20260108115520-32a9af5faa8ef0a01fc31a81c85715be41f0f63f), @asamanvay/auth-service (>=0.0.2 <=0.0.4) +74 more potentially affected by CVE-2026-22029 via react-router (>=7.0.0 <=7.12.0-pre.0)

react-router NPM version =7.0.0, =0.0.3, =0.0.2, =1.1.0, =0.1.9, =2.0.1-alpha, =0.0.5, =1.8.1, =1.5.0, =16.0.12, =0.1.0, =12.81.0, =8.0.254, =12.72.0, =12.86.0 and more Source cves: CVE-2026-22029 Source advisory: OSV:GHSA-2W69-QVJG-HVJX...

Keylime 代码问题漏洞

Keylime is an open source extensible trust system utilizing TPM technology from Keylime Open Source. A code issue vulnerability exists in Keylime version 7.12.0 that stems from strict type checking and could lead to proxy registration failure...

GHSA-9JXQ-5X44-GX23 Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0

Impact The Keylime registrar implemented more strict type checking on version 7.12.0. As a result, when updated to version 7.12.0, the registrar will not accept the format of the data previously stored in the database by versions = 7.8.0, raising an exception. This makes the Keylime registrar...

Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.12.0 release and security update

Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Critical: Red Hat Security Advisory: Red Hat Process Automation Manager 7.12.0 security update

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

CVE-2021-40842

Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the...

Sql injection

Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the...

CVE-2021-40842

Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the...

CVE-2021-26084

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before...

CVE-2019-17337 TIBCO Spotfire Server Library Vulnerable to Reflected Cross-Site Scripting

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting XSS attack. Affected releases are TIBCO Software Inc.'...