35 matches found
@0l00000l/auth (>=1.0.0 <=1.0.8), @0xchain/telemetry (>=1.1.0-beta.8 <=1.1.0-beta.18) +990 more potentially affected by CVE-2026-44288 via protobufjs (>=8.0.0 <=8.0.1)
protobufjs NPM version =8.0.0, =1.0.0, =1.1.0-beta.8, =0.8.0, =1.0.0, =1.1.4, =2.1.4, =0.3.1, =0.3.1, =0.7.1, =0.9.0 - @access-mcp/software-discovery =0.8.0 and more Source cves: CVE-2026-44288 Source advisory: SNYK:JS-PROTOBUFJS-16643234...
@ardeora/start-devtools (>=1.0.0 <=1.0.1), @brendonovich/solidjs__start (>=0.0.0 <=0.0.3) +39 more potentially affected by unknown CVE via @tanstack/router-utils (>=1.121.0-alpha.28 <=1.158.0)
@tanstack/router-utils NPM version =1.121.0-alpha.28, =1.0.0, =0.0.0, =1.0.0, =1.0.11, =0.1.0, =1.1.0, =1.121.0-alpha.28, =1.20.3-alpha.1, =1.111.10, =1.20.3-alpha.1, =1.111.10, =1.111.10, =1.121.0-alpha.28, =1.161.3 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3479...
PT-2026-38595
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.19.1 through 3.19.5; GitHub Enterprise Server versions 3.20.0 through 3.20.1. Description: A reflected HTML injection issue exists in the Management Console login page. The redirect to query parameter on the...
EUVD-2026-26315
ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...
africa.absa:inception-application (>=1.1.0 <=1.2.0), africa.absa:inception-test (>=1.1.0 <=1.2.0) +2764 more potentially affected by CVE-2026-22745 via org.springframework:spring-webflux (>=5.0.0.RELEASE <=5.3.4)
org.springframework:spring-webflux MAVEN version =5.0.0.RELEASE, =1.1.0, =1.1.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =0.0.1, =v0.3.12, =v0.3.10, =v0.3.12, =2.1.2.RELEASE, =4.1.36, =4.1.7, =4.7.1 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 - br.com.m4rc310:br-com-m4rc310-libs =1.0.1 and more...
CVE-2026-35074
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS Command Injection vulnerability. A high privileged attacker...
airflow-clickhouse-plugin (>=1.3.0 <=1.4.0), airflow-dagfactory (=0.19.1) +28 more potentially affected by CVE-2025-69219 via apache-airflow-providers-http (>=5.2.1 <=6.0.0)
apache-airflow-providers-http PYPI version =5.2.1, =1.3.0, =0.0.1, =0.0.9, =0.9.2, =2.9.0, =1.0.0, =0.1.34, =2.10.3, =1.7.3, =1.8.0rc2, =4.3.0, =5.1.1 and more Source cves: CVE-2025-69219 Source advisory: SNYK:PYTHON-APACHEAIRFLOWPROVIDERSHTTP-15441017...
PT-2026-6102
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.85 through 10.0.22. Description: GLPI is an asset and IT management software package. An authenticated user can perform a SQL injection. This allows for potential unauthorized access or modification of data within the system...
CVE-2026-21978
Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications component: Relationship Pricing. Supported versions that are affected are 14.0.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
aws-greengrass-nucleus (>=0.0.3 <=0.0.7) potentially affected by unknown CVE via aws-sdk-greengrassv2 (>=0.15.0 <=0.18.0)
aws-sdk-greengrassv2 CARGO version =0.15.0, =0.0.3, =0.0.7 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
acherion (>=0.2.0 <=0.5.3), aesp (=2025.9.12) +224 more potentially affected by CVE-2026-21874 via nicegui (>=2.11.0 <=3.3.1)
nicegui PYPI version =2.11.0, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.200, =0.3.0, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =0.4.4, =0.4.9 and more Source cves: CVE-2026-21874 Source advisory: OSV:GHSA-MP55-G7PJ-RVM2...
AZL-68736 CVE-2025-40778 affecting package bind for versions less than 9.20.15-1
Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through...
@remirror/core (>=0.2.0 <=0.11.0), @remirror/core-extensions (>=0.2.0 <=0.13.1) +42 more potentially affected by CVE-2025-57352 via min-document (>=2.17.0 <=2.19.0)
min-document NPM version =2.17.0, =0.2.0, =0.2.0, =0.4.2-ci.1569229282.9, =0.4.2-canary.2, =0.4.2-ci.1569229282.9, =0.4.2-ci.1569229282.9, =0.2.0, =0.2.0, =0.2.0, =0.4.0, =0.4.2-ci.1569229282.9, =0.2.0, =0.2.0, =0.2.0, =0.4.2-ci.1569229282.9, =0.13.1 and more Source cves: CVE-2025-57352 Source...
CVE-2025-58362 Hono contains a flaw in URL path parsing, potentially leading to path confusion
Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...
CVE-2025-49410
CVE-2025-49410 - WordPress Portfolio Manager Pro Plugin <= 3.8 – Unauthenticated Arbitrary File Upload vulnerability. According to Patchstack and CVE records, it allows uploading a dangerous file (e.g., web shell) due to improper file handling, enabling potential remote code execution on affect...
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1728 more potentially affected by CVE-2025-3263 via transformers (>=2.10.0 <=4.50.3)
transformers PYPI version =2.10.0, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-3263 Source advisory: OSV:GHSA-Q2WP-RJMX-X6X9...
Jmix security vulnerability
Jmix is a set of libraries and tools from Jmix, Inc. for accelerating Spring Boot data-centric application development. A security vulnerability exists in Jmix versions 1.0.0 through 1.6.1 and 2.0.0 through 2.3.4, which stems from an improper file size limitation and could result in a denial of...
chameli (>=0.1.12 <=0.1.13), clotho (=0.1.0) +17 more potentially affected by CVE-2025-23217 via mitmproxy (>=0.17.0 <=11.0.2)
mitmproxy PYPI version =0.17.0, =0.1.12, =0.1.0, =4.0.0, =0.34.0, =0.11.0, =2.0.0b0, =1.0.0, =0.9.0, =1.0.0, =1.1.0, =1.0.0, =1.1.0 and more Source cves: CVE-2025-23217 Source advisory: OSV:GHSA-WG33-5H85-7Q5P...
ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3) +3876 more potentially affected by CVE-2024-36114 via io.airlift:aircompressor (>=0.10 <=0.26)
io.airlift:aircompressor MAVEN version =0.10, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.3, =0.0.25, =def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91 and more Source cves: CVE-2024-36114 Source advisory: OSV:GHSA-973X-65J7-XCF4...
3loc (>=0.1.0 <=0.4.0), 3scale (>=0.2.0 <=0.6.2) +657 more potentially affected by CVE-2024-34392 via libxmljs (>=0.10.0 <=1.0.11)
libxmljs NPM version =0.10.0, =0.1.0, =0.2.0, =0.3.2, =0.0.1, =4.0.1, =1.10.4, =1.8.1, =1.5.8, =1.5.1, =1.8.3, =0.1.0, =1.0.1, =1.2.0 and more Source cves: CVE-2024-34392 Source advisory: OSV:GHSA-MG49-JQGW-GCJ6...