Lucene search
10 matches found

CVE
added 2026/05/01 12:0 a.m. · 4 views

CVE-2026-37526

CVE-2026-37526 affects AGL app-framework-binder (afb-daemon) up to v19.90.0. The issue arises in the abstract Unix socket @urn:AGL:afs:supervision:socket where the function on_supervision_call dispatches eight supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without any...

CVSS 7.8 · AI score 6 · EPSS 0.00024
Exploits 0 · References 2 · Affected Software 1
ATTACKERKB
added 2026/04/15 10:54 a.m. · 2 views

CVE-2026-30778

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...

AI score 5.8 · EPSS 0.00056
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2025/10/02 9:15 p.m. · 7 views

CVE-2025-61666 Traccar Unauthenticated Local File Inclusion on Windows - Leakage of Traccar Config File

Traccar is an open source GPS tracking system. Default installs of Traccar on Windows between versions 6.1- 6.8.1 and non default installs between versions 5.8 - 6.0 are vulnerable to unauthenticated local file inclusion attacks which can lead to leakage of passwords or any file on the file syste...

CVSS 8.7 · EPSS 0.01364
Exploits 0 · References 3
CVE
added 2025/10/02 9:15 p.m. · 22 views

CVE-2025-61666

CVE-2025-61666 covers a Local File Inclusion in Traccar, an open source GPS tracking system. Affects Windows installations: versions 6.1–6.8.1 with default configuration are vulnerable due to the web override being enabled by default; versions 5.8–6.0 are vulnerable only if the configuration cont...

CVSS 8.7 · AI score 6.6 · EPSS 0.01364
In wild · Exploits 0 · References 3
Vulnrichment
added 2025/10/02 9:15 p.m. · 1 views

CVE-2025-61666 Traccar Unauthenticated Local File Inclusion on Windows - Leakage of Traccar Config File

Traccar is an open source GPS tracking system. Default installs of Traccar on Windows between versions 6.1- 6.8.1 and non default installs between versions 5.8 - 6.0 are vulnerable to unauthenticated local file inclusion attacks which can lead to leakage of passwords or any file on the file syste...

CVSS 8.7 · AI score 6.6 · EPSS 0.01364
Exploits 0 · References 3
Tenable Nessus
added 2025/08/18 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-45305

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gix-path is a crate of the gitoxide project dealing with git paths and their conversions. gix-path executes git to find the path of a configuration file that...

CVSS 2.5 · AI score 5.4 · EPSS 0.00033
Exploits 0 · References 2
OSV
added 2025/05/05 4:15 p.m. · 3 views

CVE-2025-27920

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...

CVSS 8.8 · AI score 5.8 · EPSS 0.50148
Exploits 0 · References 4
OSV
added 2022/05/14 1:23 a.m. · 2 views

GHSA-F553-J2GV-G5R9 Apache Solr Kerberos delegation token functionality flaws

Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider...

CVSS 7.5 · AI score 5.9 · EPSS 0.01235
Exploits 0 · References 3
Positive Technologies
added 2020/10/15 12:0 a.m. · 5 views

PT-2020-20210 · Linux Foundation +2 · Kubernetes +1

Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 1.19.3 Kubernetes versions prior to 1.18.10 Kubernetes versions prior to 1.17.13 Description: The issue arises when a Kubernetes cluster uses a logging level of at least 4 and encounters a malformed docker config...

CVSS 8.8 · AI score 5.6 · EPSS 0.33042
Exploits 2 · References 37
OSV
added 2020/06/03 1:15 p.m. · 1 views

CVE-2020-2198

Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure...

CVSS 6.5 · AI score 6.6
Exploits 0 · References 2