Alibaba Sentinel - Server-side request forgery (SSRF)

There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter. id: CVE-2021-44139 info: name: Alibaba Sentinel - Server-side request forgery SSRF author:...

Nacos <1.4.1 - Authentication Bypass

This template only works on Nuclei engine prior to version 2.3.3 and version = 2.3.5. In Nacos before version 1.4.1, when configured to use authentication -Dnacos.core.auth.enabled=true Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nac...

Alibaba Cloud Linux 3 : 0159: poppler (ALINUX3-SA-2026:0159)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0159 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-10118: A flaw was found in Poppler's Splas...

MAL-2026-5535 Malicious code in zer0onedate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 106494bfe4420962c30d8b3989a1397d197f277079c71b8d15695c9128d72399 On npm install, postinstall.js executes a chain of curl commands that read cloud instance metadata service IMDS endpoints — AWS...

Malicious code in zer0onedate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 106494bfe4420962c30d8b3989a1397d197f277079c71b8d15695c9128d72399 On npm install, postinstall.js executes a chain of curl commands that read cloud instance metadata service IMDS endpoints — AWS...

CVE-2026-33359

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

Exploit for Improper Input Validation in Alibaba Fastjson

Lab 6-CVE-2017-18349 I. SYSTEM ANALYSIS Attack S...

Alibaba Cloud Linux 3 : 0139: cloud-kernel bugfix, enhancement and (ALINUX3-SA-2026:0139)

"The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0139 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-54068: In the Linux kernel, the...

Alibaba Cloud Linux 3 : 0137: nginx (ALINUX3-SA-2026:0137)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0137 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-41741: NGINX Open Source before...

Alibaba Cloud Linux 3 : 0140: cloud-kernel bugfix, enhancement and (ALINUX3-SA-2026:0140)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0140 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-46333: In the Linux kernel, the following...

Alibaba Cloud Linux 3 : 0117: freeipmi (ALINUX3-SA-2026:0117)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0117 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-33554: ipmi-oem in FreeIPMI before 1.16.17...

Alibaba Cloud Linux 3 : 0119: dovecot (ALINUX3-SA-2026:0119)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0119 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-59032: ManageSieve AUTHENTICATE...

Alibaba Cloud Linux 3 : 0123: webkit2gtk3 (ALINUX3-SA-2026:0123)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0123 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-43213: The issue was addressed wi...

Alibaba Cloud Linux 3 : 0126: libcap (ALINUX3-SA-2026:0126)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0126 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-4878: A flaw was found in libcap. A local...

Alibaba Cloud Linux 3 : 0122: java-17-openjdk (ALINUX3-SA-2026:0122)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0122 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-22007: No description is availabl...

Alibaba Cloud Linux 3 : 0125: LibRaw (ALINUX3-SA-2026:0125)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0125 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-21413: A flaw was found in LibRaw...

Alibaba Cloud Linux 3 : 0131: rsync (ALINUX3-SA-2026:0131)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0131 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-41035: In rsync 3.0.1 through 3.4.1,...

Alibaba Cloud Linux 3 : 0127: PackageKit (ALINUX3-SA-2026:0127)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0127 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-41651: PackageKit is a a D-Bus abstraction...

Alibaba Cloud Linux 3 : 0133: glib2 (ALINUX3-SA-2026:0133)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0133 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-14087: A flaw was found in GLib...

Alibaba Cloud Linux 3 : 0135: resource-agents (ALINUX3-SA-2026:0135)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0135 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-30922: pyasn1 is a generic ASN.1 library f...