5057 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-23394
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - af_unix: Give up GC if MSG_PEEK intervened. Igor Ushakov reported that GC purged the receive queue of an alive socket due to a race with MSG_PEEK with a nice repro...
Kiteworks Secure Data Forms Security Vulnerability
Kiteworks Secure Data Forms is a data interaction tool provided by the American company Kiteworks. It offers capabilities for secure data collection and form submission management. Versions of Kiteworks Secure Data Forms prior to 9.2.1 contained security vulnerabilities. These vulnerabilities wer...
Linux kernel Security Vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition between garbage collection and the MSG_PEEK operation, potentially leading to...
Linux kernel Security Vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of separation between the stages of garbage collection for pipapo collection...
CVE-2026-33538
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0-alpha.52, an unauthenticated attacker can cause denial of service by sending authentication requests with arbitrary, unconfigured provider names. The server...
Parse Server: Denial of Service via unindexed database query for unconfigured auth providers
Impact: An unauthenticated attacker can cause Denial of Service by sending authentication requests with arbitrary, unconfigured provider names. The server executes a database query for each unconfigured provider before rejecting the request, and since no database index exists for unconfigured...
CVE-2026-33538
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0-alpha.52, an unauthenticated attacker can cause denial of service by sending authentication requests with arbitrary, unconfigured provider names. The server...
DSpace 9.2 REST API Automated Document Discovery and Download
This is a framework for collecting data from DSpace systems. Built using Selenium, it is designed to automatically discover and download documents from web repositories and public portals...
Linux kernel Security Vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the nftables mechanism does not traverse all pending catchall elements. This could...
@dicebear/collection (>=8.0.0 <=8.0.2), dicebear (>=8.0.0 <=8.0.2) potentially affected by CVE-2026-33311 via @dicebear/initials (>=8.0.0 <=8.0.2)
@dicebear/initials NPM version =8.0.0, =8.0.0, =8.0.0, =8.0.2 Source cves: CVE-2026-33311 Source advisory: SNYK:JS-DICEBEARINITIALS-15746953...
@dicebear/collection (>=8.0.0 <=8.0.2), dicebear (>=8.0.0 <=8.0.2) potentially affected by CVE-2026-33311 via @dicebear/initials (>=8.0.0 <=8.0.2)
@dicebear/initials NPM version =8.0.0, =8.0.0, =8.0.0, =8.0.2 Source cves: CVE-2026-33311 Source advisory: OSV:GHSA-MR9R-MWW3-V6GV...
@dicebear/collection (>=6.0.0 <=6.1.3), dicebear (>=6.0.0 <=6.1.3) potentially affected by CVE-2026-33311 via @dicebear/initials (>=6.0.0 <=6.1.3)
@dicebear/initials NPM version =6.0.0, =6.0.0, =6.0.0, =6.1.3 Source cves: CVE-2026-33311 Source advisory: SNYK:JS-DICEBEARINITIALS-15746953...
@dicebear/collection (>=6.0.0 <=6.1.3), dicebear (>=6.0.0 <=6.1.3) potentially affected by CVE-2026-33311 via @dicebear/initials (>=6.0.0 <=6.1.3)
@dicebear/initials NPM version =6.0.0, =6.0.0, =6.0.0, =6.1.3 Source cves: CVE-2026-33311 Source advisory: OSV:GHSA-MR9R-MWW3-V6GV...
@dicebear/collection (>=5.0.6 <=5.4.3), dicebear (>=5.0.6 <=5.4.3) potentially affected by CVE-2026-33311 via @dicebear/initials (>=5.0.6 <=5.4.3)
@dicebear/initials NPM version =5.0.6, =5.0.6, =5.0.6, =5.4.3 Source cves: CVE-2026-33311 Source advisory: SNYK:JS-DICEBEARINITIALS-15746953...
@dicebear/collection (>=9.0.0 <=9.4.0), @fduenascoink/ui-sdk (>=18.0.0 <=18.0.4) +1 more potentially affected by CVE-2026-33311 via @dicebear/initials (>=9.0.0 <=9.4.0)
@dicebear/initials NPM version =9.0.0, =9.0.0, =18.0.0, =9.0.0, =9.4.0 Source cves: CVE-2026-33311 Source advisory: OSV:GHSA-MR9R-MWW3-V6GV...
@dicebear/collection (>=9.0.0 <=9.4.0), @fduenascoink/ui-sdk (>=18.0.0 <=18.0.4) +1 more potentially affected by CVE-2026-33311 via @dicebear/initials (>=9.0.0 <=9.4.0)
@dicebear/initials NPM version =9.0.0, =9.0.0, =18.0.0, =9.0.0, =9.4.0 Source cves: CVE-2026-33311 Source advisory: SNYK:JS-DICEBEARINITIALS-15746953...
@dicebear/collection (>=5.0.6 <=5.4.3), dicebear (>=5.0.6 <=5.4.3) potentially affected by CVE-2026-33311 via @dicebear/initials (>=5.0.6 <=5.4.3)
@dicebear/initials NPM version =5.0.6, =5.0.6, =5.0.6, =5.4.3 Source cves: CVE-2026-33311 Source advisory: OSV:GHSA-MR9R-MWW3-V6GV...
@dicebear/collection (>=7.0.0 <=7.1.3), dicebear (>=7.0.0 <=7.1.3) potentially affected by CVE-2026-33311 via @dicebear/initials (>=7.0.0 <=7.1.3)
@dicebear/initials NPM version =7.0.0, =7.0.0, =7.0.0, =7.1.3 Source cves: CVE-2026-33311 Source advisory: SNYK:JS-DICEBEARINITIALS-15746953...
CVE-2025-55040
The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, enabling malicious websites to forge file upload requests that install...
CVE-2026-28499
LeafKit is a templating language with Swift-inspired syntax. Prior to version 1.14.2, HTML escaping doesn't work correctly when a template prints a collection Array / Dictionary via value. This can result in XSS, allowing potentially untrusted input to be rendered unescaped. Version 1.14.2 fixes...