52177 matches found
[SECURITY] Fedora 43 Update: mysql8.4-8.4.9-1.fc43
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
CVE-2026-45784 vulnerabilities
Vulnerabilities for packages: rustls-openssl-client, sqlx, vector, guestproxyagent, typst, sdp-k8s-injector, sentry-cli, rustup, komodo, valkey-ldap, sccache, rpm-sequoia, deno, ztunnel-fips, bootc...
GHSA-PHQJ-4MHP-Q6MQ vulnerabilities
Vulnerabilities for packages: rustls-openssl-client, sqlx, vector, guestproxyagent, typst, sdp-k8s-injector, sentry-cli, rustup, komodo, valkey-ldap, sccache, rpm-sequoia, deno, ztunnel-fips, bootc...
[SECURITY] Fedora 44 Update: mysql8.0-8.0.46-1.fc44
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
A First Measurement Study on Authentication Security in Real-World Remote MCP Servers
The Model Context Protocol MCP is emerging as a common interface connecting large language models LLMs with external services. Remote deployments are becoming increasingly important as agents connect to user-linked online services, such as social, productivity, and financial services. In such...
PT-2026-42590
Overview - Vulnerability type: Blind SSRF - Affected components: src/crawlee/ utils/sitemap.py, src/crawlee/ utils/robots.py, src/crawlee/request loaders/ sitemap request loader.py, and all built-in HTTP clients. - Trigger: an attacker-controlled sitemap or robots.txt containing a URL that points...
F5 Networks BIG-IP : BIG-IP DTLS vulnerability (K000160901)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000160901 advisory. When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server,...
PT-2026-42670
Name of the Vulnerable Software and Affected Versions Nimiq versions prior to 1.4.0 Description A denial-of-service issue exists in the Ed25519 multisig delinearization code path. The function Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs uses .unwrap during curve point decompression,...
CVE-2026-9139
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source...
CVE-2026-9136
A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...
CVE-2026-2813
ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploit this issue by sending a specially crafted request, Successful exploitation may result in the application redirecting the browser to an unintended, untrusted site, resulti...
freerdp: FreeRDP: Denial of Service via endless blocking loop in Stream_EnsureCapacity
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. The StreamEnsureCapacity function can create an endless blocking loop, leading to a Denial of Service DoS. This vulnerability can be exploited on 32-bit systems where the available physical memory is greater than o...
CVE-2026-9139
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source...
CVE-2026-9139
The CVE-2026-9139 entry covers Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8, where the embedded web configuration interface authenticates purely via client-side JavaScript in login.zhtml, exposing static plaintext credentials within the page source. Unauthenticated attackers with network ...
CVE-2026-9139 Taiko AG1000-01A Rev 7.3/8 Hard-coded Credentials via login.zhtml
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source...
CVE-2026-9139 Taiko AG1000-01A Rev 7.3/8 Hard-coded Credentials via login.zhtml
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source...
EUVD-2026-31179
Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is implemented entirely in client-side JavaScript in login.zhtml, exposing static plaintext credentials in the page source...
GO-2026-4963 openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access in github.com/jkroepke/openvpn-auth-oauth2
openvpn-auth-oauth2 returns FUNCSUCCESS on client-deny, allowing unauthenticated VPN access in github.com/jkroepke/openvpn-auth-oauth2...
CVE-2026-9136 Unauthorized ShadowAttribute modification in MISP via client-supplied identifier
A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...
CVE-2026-9136
CVE-2026-9136 affects the ShadowAttribute proposal creation workflow in MISP. An add action accepted client-supplied ShadowAttribute data without stripping the id field, allowing an authenticated user to supply the identifier of an existing ShadowAttribute and cause an update instead of creating ...