JeeWMS 访问控制错误漏洞

JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. There is an access control vulnerability in JeeWMS, which stems from issues with the handling of files in the /base-boot/actuator directory within the Boot Actuator Endpoint component. This vulnerability...

SecureAge CatchPulse 访问控制错误漏洞

SecureAge CatchPulse is a terminal security protection platform developed by SecureAge in Singapore, based on artificial intelligence and application white-list technology. Versions of SecureAge CatchPulse 10.9.1 and earlier contain an access control vulnerability. This vulnerability stems from...

deep-searcher 访问控制错误漏洞

Deep-Searcher is a private data search and intelligent question-answering tool developed by Zilliz, based on large models and VectorDB. Versions of Deep-Searcher 0.0.2 and earlier contain an access control vulnerability. This vulnerability stems from the operation of the CollectionRouter.invoke...

JeecgBoot 访问控制错误漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.2 and earlier contain an access control vulnerability. This vulnerability stems from the function queryPageList in the User List Endpoint component, which process...

FreeBSD : Gitlab -- vulnerabilities (9b94eb13-6159-11f1-be36-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9b94eb13-6159-11f1-be36-2cf05da270f3 advisory. Gitlab reports: Improper Access Control issue in Duo AI workflow runners impacts GitLab EE...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

Embedded Malicious Code

Overview ppkt2synergy is a Python library for analyzing correlations and synergy in GA4GH Phenopacket cohorts. Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, ...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

CVE-2026-45746

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Broken Access Control vulnerability due to improper validation of the sessionId parameter. The backend...

CVE-2026-21028

Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...

CVE-2026-21030

Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions...

CVE-2026-6274

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...

BIT-DJANGO-2026-8404 Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

SUSE CVE-2025-40911

Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are...

SUSE CVE-2026-44393

An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When sslcafile is configured, the driver enables certificate chain validation but does not pass the expect...

CVE-2026-11302

An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504196549...

CVE-2026-11277

An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501839664...

CVE-2025-8873

On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being...