34 matches found
CVE-2026-21862
RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be bypassed: getconditionvalues trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy...
CVE-2026-24762 RustFS Logs Sensitive Credentials in Plaintext
RustFS is a distributed object storage system built in Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be...
EUVD-2026-5219
RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be bypassed: getconditionvalues trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy...
CVE-2026-21862 RustFS sourceIp bypass via spoofed X-Forwarded-For/Real-IP headers
RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be bypassed: getconditionvalues trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable client can spoof aws:SourceIp and satisfy...
CVE-2025-57396
Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which resulted in the User Profile API Endpoint containing two boolean values indicating whether a user is staff or administrative. Consequently, any user can escala...
CVE-2025-57396
CVE-2025-57396 affects Tandoor Recipes 2.0.0-alpha-1. The vulnerability arises from the User Profile API Endpoint, which contains two boolean values indicating whether a user is staff or administrative. This misconfiguration allows any user to escalate privileges to the highest level. The issue i...
hickory-server (=0.25.0-alpha.1) potentially affected by unknown CVE via hickory-proto (=0.25.0-alpha.1)
hickory-proto CARGO version =0.25.0-alpha.1 is affected by a known vulnerability. The following packages have a transitive dependency on hickory-proto and may be impacted: - hickory-server =0.25.0-alpha.1 Source cves: unknown CVE Source advisory: OSV:GHSA-V7PC-74H8-XQ2H...
Apache Hive Code Injection Vulnerability
Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. A code...
CVE-2024-28867
Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies un-sanitized string values into metric names or labels, an attacker could make use of this and send a ?lang query parameter containing newlines, or similar...
CVE-2023-36123
Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information...
MindSpore Buffer Error Vulnerability
MindSpore is a new open source deep learning training/inference framework open-sourced by MindSpore. It can be used in mobile, edge and cloud scenarios. A buffer error vulnerability exists in MindSpore version 2.0.0-alpha, 2.0.0-rc1. An attacker exploited the vulnerability to cause memory...
cn.dreampie:resty-server (=1.3.0.RELEASE), com.github.chrisdchristo:pipe (=1.0.0) +31 more potentially affected by CVE-2017-12165 via io.undertow:undertow-core (=2.0.0.Alpha1)
io.undertow:undertow-core MAVEN version =2.0.0.Alpha1 is affected by a known vulnerability. The following packages have a transitive dependency on io.undertow:undertow-core and may be impacted: - cn.dreampie:resty-server =1.3.0.RELEASE - com.github.chrisdchristo:pipe =1.0.0 -...
Virtuozzo Hybrid Server 9 Alpha
The purpose of Virtuozzo Hybrid Server 9 alpha is to demonstrate the work in progress. The alpha version offers a few new features and supports creating virtual machines and containers with a limited number of guest operating systems...
CVE-2021-40532
Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension...
UBUNTU-CVE-2021-3421
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This...
WordPress Pushes Out Multiple Flawed Security Updates
The day after WordPress pushed out a critical 5.5.2 security update, patching a remote code execution bug and nine additional flaws, it was forced to push out a second update and then a third 5.5.3 update. The hiccup is tied to the WordPress auto-update feature that accidentally started sending 455...
osu!downloader (alpha version) - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application osu!downloader alpha version published at the 'play' market has multiple vulnerabilities...
Machine Learning Linux IPS: Stratosphere
This is the Linux version of the Stratosphere IPS, a behavioral-based intrusion detection and prevention system that uses machine learning algorithms to detect malicious behaviors. It is part of a larger suite of programs that include the Stratosphere Windows IPS and the Stratosphere Testing...