219834 matches found
GHSA-9F6M-65V9-X9G2 MindsDB has an Improper Access Control Issue
A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...
MindsDB has an Improper Access Control Issue
A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...
CVE-2026-6948
Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server via out-of-memory OOM by sending crafted messages through the normal client communication channel...
Malicious code in @w3m-app/is_connected (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 793804fbeaedf1325065aa857a03e0aba4bacd06b686728efeeb4a406f2e2668 The package @w3m-app/isconnected was found to contain malicious code. Source: ghsa-malware...
Malicious code in @bcs-bank-react-ui/swiper-slider (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecc6cabd59042f5fc22327d81efedc2ed1926f8f9457d124906fde72fbf65d46 The package @bcs-bank-react-ui/swiper-slider was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3268 Malicious code in @bcs-mi/store (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32fb1f804a47c0e11e62bab82cc978af199c0517a91965fb2bfd34f226237d34 The package @bcs-mi/store was found to contain malicious code. Source: ghsa-malware cc97afe6281e170826ea8ad4c189a9d5bb874fe69ca97da0e2bbdf327e33ba91...
GeoVision GV-IP Device Utility 安全漏洞
The GeoVision GV-IP Device Utility is a network configuration tool developed by the Chinese company GeoVision, designed for discovering and managing IP monitoring devices. Version 9.0.5 of the GeoVision GV-IP Device Utility contains a security vulnerability. This vulnerability stems from...
PT-2026-36844
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs when another driver calls an IOCTL Input/Output Control, which is a device driver communication mechanism, using an invalid input or...
FunAdmin 访问控制错误漏洞
FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin 7.1.0-rc6 and earlier contain an access control vulnerability. This vulnerability stems from the UploadService::chunkUpload function in the Frontend Chunked Upload Endpoint, where the...
Nginx UI 访问控制错误漏洞
Nginx UI is a web interface for Nginx developed by Jacky. Version 2.3.5 of Nginx UI contains an access control vulnerability, which stems from unauthenticated privilege escalation during the initial installation process via the POST /api/install endpoint...
MindsDB 访问控制错误漏洞
MindsDB is a joint query engine developed by MindsDB Corporation, designed specifically for AI agents and large language models. It can handle questions related to PB-level enterprise data. MindsDB versions 26.01 and earlier contained a access control vulnerability. This vulnerability stemmed fro...
PT-2026-36841
Memory corruption when processing camera sensor input/output control codes with invalid output buffers...
PT-2026-36842
Information Disclosure while processing IOCTL handler callbacks without verifying buffer size...
Rdiffweb 访问控制错误漏洞
Rdiffweb is a web application personally developed by Patrik Dufresne from the United States. It allows for quick access to your files through an efficient web interface. Versions of Rdiffweb prior to 2.10.5 contained a security vulnerability related to access control. This vulnerability stemmed...
Code-Projects BloodBank Managing System 访问控制错误漏洞
The Code-Projects BloodBank Managing System is an open-source blood bank management system developed by Code-Projects. Version 1.0 of the code-projects BloodBank Managing System contains a vulnerability related to access control. This vulnerability stems from an unlimited upload function in the...
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporated in the United States. There are security vulnerabilities in Qualcomm Chipsets, and these vulnerabilities stem from the lack of verification of buffer size when processing IOCTL handler callbacks, which may lead to...
ALSA-2026:13565 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state CVE-2026-23136 kernel: Linux kernel: Use-after-free in traffic control actct may lead to denial of...
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. There is a security vulnerability in Qualcomm Chipsets, which stems from processing IOCTL commands when the device is in power-saving mode, resulting in memory corruption...
PT-2026-36884
Name of the Vulnerable Software and Affected Versions titra version 0.99.52 Description The globalsettings Meteor publication returns all global settings without performing administrative or role-based access checks. This allows any authenticated user to subscribe via DDP Distributed Data Protoco...
ALSA-2026:13566 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-after-free in traffic control actct may lead to denial of service or privilege escalation CVE-2026-23270 kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache...