320 matches found

CBLMariner
added 2 days ago, 4 views

CVE-2026-33814 affecting package containerized-data-importer for versions less than 1.62.0-6

CVE-2026-33814 affecting package containerized-data-importer for versions less than 1.62.0-6. A patched version of the package is available...

CVSS 7.5 | AI score 5.4 | EPSS 0.00018
Exploits: 0

Nuclei
added 2026/05/31 3:2 a.m., 228 views

OwnCloud - Phpinfo Configuration

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information...

CVSS 10 | AI score 7.4 | EPSS 0.94329
Exploits: 5 | References: 6

CBLMariner
added 2026/05/30 3:37 a.m., 9 views

CVE-2026-25680 affecting package containerized-data-importer for versions less than 1.62.0-5

CVE-2026-25680 affecting package containerized-data-importer for versions less than 1.62.0-5. A patched version of the package is available...

CVSS 6.5 | AI score 5.8 | EPSS 0.00061
Exploits: 0

CBLMariner
added 2026/05/30 3:37 a.m., 7 views

CVE-2026-27136 affecting package containerized-data-importer for versions less than 1.62.0-5

CVE-2026-27136 affecting package containerized-data-importer for versions less than 1.62.0-5. A patched version of the package is available...

CVSS 6.1 | AI score 5.8 | EPSS 0.00031
Exploits: 0

CBLMariner
added 2026/05/30 3:37 a.m., 6 views

CVE-2026-25681 affecting package containerized-data-importer for versions less than 1.62.0-5

CVE-2026-25681 affecting package containerized-data-importer for versions less than 1.62.0-5. A patched version of the package is available...

CVSS 6.1 | AI score 5.8 | EPSS 0.00031
Exploits: 0

CBLMariner
added 2026/05/30 3:37 a.m., 7 views

CVE-2026-39821 affecting package containerized-data-importer for versions less than 1.62.0-5

CVE-2026-39821 affecting package containerized-data-importer for versions less than 1.62.0-5. A patched version of the package is available...

CVSS 9.6 | AI score 5.8 | EPSS 0.0005
Exploits: 0

CBLMariner
added 2026/05/30 3:37 a.m., 7 views

CVE-2026-42502 affecting package containerized-data-importer for versions less than 1.62.0-5

CVE-2026-42502 affecting package containerized-data-importer for versions less than 1.62.0-5. A patched version of the package is available...

CVSS 6.1 | AI score 5.8 | EPSS 0.00031
Exploits: 0

CBLMariner
added 2026/05/30 3:37 a.m., 7 views

CVE-2026-42506 affecting package containerized-data-importer for versions less than 1.62.0-5

CVE-2026-42506 affecting package containerized-data-importer for versions less than 1.62.0-5. A patched version of the package is available...

CVSS 6.1 | AI score 5.8 | EPSS 0.00032
Exploits: 0

CBLMariner
added 2026/05/18 8:36 p.m., 6 views

CVE-2026-35469 affecting package containerized-data-importer for versions less than 1.62.0-4

CVE-2026-35469 affecting package containerized-data-importer for versions less than 1.62.0-4. A patched version of the package is available...

CVSS 8.7 | AI score 5.8 | EPSS 0.00029
Exploits: 0

CBLMariner
added 2026/05/09 3:31 a.m., 4 views

CVE-2026-32288 affecting package containerized-data-importer for versions less than 1.62.0-3

CVE-2026-32288 affecting package containerized-data-importer for versions less than 1.62.0-3. A patched version of the package is available...

CVSS 5.5 | AI score 5.8 | EPSS 0.00004
Exploits: 0

Amazon
added 2026/04/30 12:0 a.m., 3 views

Medium: cifs-utils

Issue Overview: A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentia...

CVSS 5.9 | AI score 6.7 | EPSS 0.00022
Exploits: 0

ATTACKERKB
added 2026/04/23 7:13 p.m., 2 views

CVE-2026-41268

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution (RCE) vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...

CVSS 7.7 | AI score 7.5 | EPSS 0.0139
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2026/04/11 12:0 a.m., 2 views

aws-mcp-server Operating System Command Injection Vulnerability

aws-mcp-server is a lightweight service developed by Alexei Ledenev. It enables AI assistants to execute AWS CLI commands through the Model Context Protocol (MCP) in a secure, containerized environment. aws-mcp-server has an operating system command injection vulnerability, which stems from...

CVSS 9.8 | AI score 7.7 | EPSS 0.01208
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/26 3:11 p.m., 2 views

CVE-2026-32747

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the globalCopyFiles API reads source files using filepath.Abs with no workspace boundary check, relying solely on util.IsSensitivePath whose blocklist omits /proc/, /run/secrets/, and home directory dotfiles. An admin c...

CVSS 6.8 | AI score 5.8 | EPSS 0.00095
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/26 3:0 p.m., 2 views

CVE-2026-33046

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...

CVSS 8.8 | AI score 5.9 | EPSS 0.00114
Exploits: 0 | References: 1

NVD
added 2026/03/23 11:17 p.m., 1 view

CVE-2026-33046

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...

CVSS 8.8 | EPSS 0.00114
Exploits: 0 | References: 6

OSV
added 2026/03/23 10:45 p.m., 0 views

CVE-2026-33046 Indico discloses local files resulting in Remote Code Execution through LaTeX injection

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...

CVSS 7.7 | AI score 6 | EPSS 0.00114
Exploits: 0 | References: 8

ATTACKERKB
added 2026/03/23 10:45 p.m., 2 views

CVE-2026-33046

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...

CVSS 7.7 | AI score 5.9 | EPSS 0.00114
Exploits: 0 | References: 7 | Affected Software: 1

Vulnrichment
added 2026/03/23 10:45 p.m., 1 view

CVE-2026-33046 Indico discloses local files resulting in Remote Code Execution through LaTeX injection

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...

CVSS 7.7 | AI score 5.9 | EPSS 0.00114
Exploits: 0 | References: 6

CVE
added 2026/03/23 10:45 p.m., 7 views

CVE-2026-33046

Indico has a remote code execution vulnerability via server-side LaTeX rendering. Exploitation occurs through specially crafted LaTeX that bypasses the LaTeX sanitizer, enabling local file reads or code execution with the Indico server user privileges when XELATEX_PATH is set. Patches recommend u...

CVSS 8.8 | AI score 5.9 | EPSS 0.00114
Exploits: 0 | References: 6 | Affected Software: 1