
38490 matches found

CNNVD
added 2026/04/27 12:0 a.m. | 8 views

Apache Camel code issue vulnerability

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern and allows routing and mediation rules to be configured...

CVSS 9.8 | AI score 6.2 | EPSS 0.00693
Exploits 0 | References 1
CNNVD
added 2026/04/27 12:0 a.m. | 8 views

Apache Camel code issue vulnerability

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern, and routing and mediation rules are configured through...

CVSS 9.4 | AI score 5.9 | EPSS 0.00621
Exploits 0 | References 1
CNNVD
added 2026/04/27 12:0 a.m. | 7 views

Toonflow path traversal vulnerability

Toonflow is an AI short story production platform developed by HBAI-Ltd. Versions of Toonflow prior to 1.1.1 contained a path traversal vulnerability. This vulnerability stemmed from improper handling of the parameter url in the z.url function within the downloadApp.ts file in the downloadApp...

CVSS 5 | AI score 5.9 | EPSS 0.00248
Exploits 0 | References 1
CNNVD
added 2026/04/27 12:0 a.m. | 9 views

Auto Favicon MCP Server code issue vulnerability

The Auto Favicon MCP Server is a tool developed by Yuey, a personal developer, for automatically generating website icons. The Auto Favicon MCP Server f189116a9259950c2393f114dbcb94dde0ad864b and previous versions have code vulnerabilities. These vulnerabilities stem from improper handling of the...

CVSS 6.5 | AI score 6.7 | EPSS 0.00201
Exploits 0 | References 1
Vulnrichment
added 2026/04/27 12:0 a.m. | 6 views

CVE-2026-30351

A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences...

AI score 5.5 | EPSS 0.00446
Exploits 0 | References 2
CNNVD
added 2026/04/27 12:0 a.m. | 7 views

Tenda F456 buffer error vulnerability

The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the fromWrlclientSet function within the httpd component or goform/WrlclientSet file, which could...

CVSS 9 | AI score 7.6 | EPSS 0.00641
Exploits 1 | References 1
Positive Technologies
added 2026/04/27 12:0 a.m. | 7 views

PT-2026-35347

A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now...

CVSS 9 | AI score 8.5 | EPSS 0.00619
Exploits 1 | References 6
Positive Technologies
added 2026/04/27 12:0 a.m. | 9 views

PT-2026-35404

Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program...

CVSS 5.5 | AI score 5.2 | EPSS 0.00182
Exploits 0 | References 2
CNNVD
added 2026/04/27 12:0 a.m. | 8 views

simple-openstack-mcp command injection vulnerability

simple-openstack-mcp is an OpenStack command execution tool based on MCP developed by choieastsea. simple-openstack-mcp has a command injection vulnerability, which stems from the execopenstack function in the server.py file. This vulnerability may lead to OS command injections...

CVSS 7.5 | AI score 7.2 | EPSS 0.01338
Exploits 0 | References 1
ATTACKERKB
added 2026/04/27 12:0 a.m. | 2 views

CVE-2026-30351

A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences...

CVSS 7.5 | AI score 5.5 | EPSS 0.00446
Exploits 0 | References 3
CNNVD
added 2026/04/27 12:0 a.m. | 8 views

Tenda F456 buffer error vulnerability

The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a buffer overflow vulnerability. This vulnerability stems from the operation of the goform/AdvSetWan function in the httpd component, specifically the parameter wanmode. This coul...

CVSS 9 | AI score 7.8 | EPSS 0.00632
Exploits 1 | References 1
Positive Technologies
added 2026/04/27 12:0 a.m. | 6 views

PT-2026-35555

OpenClaw versions 2026.2.14 through 2026.3.24 fail to consistently apply guild and channel policy gates to Discord button and component interactions. Attackers can trigger privileged component actions from blocked contexts by bypassing channel policy enforcement...

CVSS 5.3 | AI score 5.1 | EPSS 0.00166
Exploits 0 | References 3
Oracle linux
added 2026/04/27 12:0 a.m. | 23 views

java-21-openjdk security update

1:21.0.11.0.10-1.0.1
- Add Oracle vendor bug URL Orabug: 34340155

1:21.0.11.0.10-1
- Update to jdk-21.0.11+10 GA
- Update release notes to 21.0.11+10
- Update FIPS patch to feef2dc3ca7 version synced with 21.0.11+9 and adapted to JDK-8244336
- Bump freetype version to 2.14.2 following JDK-8373290...

CVSS 7.5 | AI score 7.7 | EPSS 0.00358
Exploits 0
CNNVD
added 2026/04/27 12:0 a.m. | 11 views

Tenda F456 buffer error vulnerability

The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a buffer error vulnerability. This vulnerability stems from the operation of the parameter “page” in the goform/SetIpBind function within the httpd component, which may lead to a...

CVSS 9 | AI score 7.7 | EPSS 0.00619
Exploits 1 | References 1
CVE
added 2026/04/27 12:0 a.m. | 10 views

CVE-2026-30351

CVE-2026-30351 describes a path traversal vulnerability in the UI/static component of the LeonVanzyl Autocoder project, specifically at commit 79d02a. An attacker can read arbitrary files by sending crafted URL paths that include traversal sequences. The NVD entry lists a CVSS v3.1 base score of ...

CVSS 7.5 | AI score 5.5 | EPSS 0.00446
Exploits 0 | References 2
OSV
added 2026/04/27 12:0 a.m. | 7 views

ALSA-2026:10767 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine compone...

CVSS 9.8 | AI score 5.3 | EPSS 0.04938
Exploits 1 | References 52
OSV
added 2026/04/27 12:0 a.m. | 5 views

ALSA-2026:10766 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine compone...

CVSS 9.8 | AI score 5.3 | EPSS 0.04938
Exploits 1 | References 52
AlmaLinux
added 2026/04/27 12:0 a.m. | 5 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine compone...

CVSS 9.8 | AI score 5.3 | EPSS 0.04938
Exploits 1 | References 52
Tenable Nessus
added 2026/04/27 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-31647

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - idpf: fix PREEMPT_RT raw/bh spinlock nesting for async VC handling Switch from using the completion's raw spinlock to a local lock in the idpf_vc_xn struct. The...

CVSS 5.5 | AI score 5.8 | EPSS 0.00122
Exploits 0 | References 3
EUVD
added 2026/04/26 11:45 p.m. | 5 views

EUVD-2026-25739

A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBDprocess of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack can only be initiated within the local network. The exploit is publicly available and might be used...

CVSS 8.8 | AI score 5.7 | EPSS 0.01871
Exploits 1 | References 5