CVE-2026-40495
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the hideversionpublic security setting. The FOSSBilling version is embedded in the query string of every...
CVE-2026-45299 Open WebUI: Stored Cross-Site Scripting In Profile Picture
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, the profile_image_url field on the user profile update form accepted arbitrary data: URI values without MIME-type validation, resulting in an XSS vulnerability. This vulnerability is...
CVE-2026-6849
Improper neutralization of special elements used in an OS command 'OS command injection' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection. This issue affects Pardus OS My Computer: from =0.7.5 before 0.8.0...
CVE-2026-5140
Improper neutralization of CRLF sequences 'CRLF injection' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass. This issue affects Pardus Update: from 0.6.3 before 0.6.4...
CVE-2026-5140
CVE-2026-5140 is a CRLF injection vulnerability in Pardus (TUBITAK BILGEM Software Technologies Research Institute). Affected: Pardus
CVE-2026-5140 Authorization Bypass in TUBITAK BILGEM's Pardus Update
Improper neutralization of CRLF sequences 'CRLF injection' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass. This issue affects Pardus Update: from 0.6.3 before 0.6.4...
TÜBİTAK BİLGEM Pardus OS My Computer OS Command Injection Vulnerability
TÜBİTAK BİLGEM Pardus OS My Computer is a desktop component provided by the Turkish company TÜBİTAK BİLGEM, which offers functions for viewing system hardware and resource information. Versions of TÜBİTAK BİLGEM Pardus OS My Computer prior to version 0.8.0, as well as versions 0.7.5 and earlier,...
PT-2026-35938
Improper neutralization of special elements used in an OS command 'OS command injection' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection. This issue affects Pardus OS My Computer: from =0.7.5 before 0.8.0...
PT-2026-4315
Name of the Vulnerable Software and Affected Versions: container versions prior to 0.8.0; containerization versions prior to 0.21.0. Description: The ArchiveReader.extractContents function, utilized by cctl image load and container image load, lacks proper pathname validation during archive extractio...
Linux Distros Unpatched Vulnerability : CVE-2019-20631
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c...
vLLM Security Vulnerability
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs from the vLLM open source project. A security vulnerability exists in vLLM versions prior to 0.8.0 through 0.9.0, which stems from the use of an invalid jsonschema call to the /v1/completions API that could cause the serv...
Stalwart Mail Server Security Vulnerability
Stalwart Mail Server is an all-in-one mail server from Stalwart Labs. A security vulnerability exists in Stalwart Mail Server versions prior to 0.8.0 that originates from a vulnerability that allows an attacker to gain full root access to the system...
PT-2024-26367 · Unknown · Stalwart Mail Server
Name of the Vulnerable Software and Affected Versions: Stalwart Mail Server versions prior to 0.8.0 Description: The issue affects Stalwart Mail Server, an open-source mail server, where attackers who achieved Arbitrary Code Execution as the stalwart-mail user, including web interface admins, can...
CVE-2024-35179 Unprivileged Stalwart Mail Server user can read files as root
Stalwart Mail Server is an open-source mail server. Prior to version 0.8.0, when using RUN_AS_USER, the specified user (and therefore, web interface admins) can read arbitrary files as root. This issue affects admins who have set up to run stalwart with RUN_AS_USER who handed out admin credentials to t...
Hoppscotch Security Vulnerability
Hoppscotch is an open source API development ecosystem. A security vulnerability exists in Hoppscotch versions prior to 0.8.0. An attacker exploited the vulnerability to cause the code to crash...
yyjson Security Vulnerabilities
yyjson is a JSON library by ibireme individual developers. A security vulnerability exists in yyjson 0.8.0 and earlier versions, which stems from a lack of loop checking in the pool_free function, resulting in a remote code execution vulnerability...
SUSE CVE-2015-8012
lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet...
DEBIAN-CVE-2021-38441
Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser...
UBUNTU-CVE-2021-38443
Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser...