31014 matches found
Canon Devices - Authentication Bypass in Catwalk Server
Certain Canon devices manufactured in 2012 through 2020 such as imageRUNNER ADVANCE iR-ADV C5250, when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For...
VelotiSmart Wifi - Directory Traversal
VelotiSmart WiFi B-380 camera devices allow directory traversal via the uc-http service 1.0.0, as demonstrated by /../../etc/passwd on TCP port 80. id: CVE-2018-14064 info: name: VelotiSmart Wifi - Directory Traversal author: 0xAkoko severity: critical description: VelotiSmart WiFi B-380 camera...
CVE-2026-15907
The vulnerability CVE-2026-15907 affects H3C SecPath F1000-C8300 devices (firmware up to 20260522). It targets an unknown function at /webui/?g=log_fw_nbc_mail_jsondata, where manipulation of the subject parameter can cause SQL injection. The attack is remote, with a published exploit; the vendor...
Important: Red Hat Security Advisory: Red Hat Edge Manager Version 1.1.3 Security Update
Red Hat Edge Manager Version 1.1.3 Security Update Red Hat Edge Manager RHEM provides simple, scalable, and security-focused management of edge devices and applications. It supports image-mode RHEL and container workloads that run on Podman/Docker or Kubernetes. RHEM is now available as a...
libinput security update
An update is available for libinput. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libinput is a library that handles input devices for display servers and...
RLSA-2026:39296 Moderate: libinput security update
libinput is a library that handles input devices for display servers and other applications that need to directly deal with input devices. Security Fixes: libinput: local privilege escalation via crafted uinput devices CVE-2026-50292 For more details about the security issues, including the impac...
Malicious code in ssweb-wp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cdc75de95852418c3d695299d52199b24e52202b2e5595089b3107a73c1e86b The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in @sauruslord/libsignal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0c2cf2672d98396a7b66cb732741d269732f5faae72293ea46e06b879e7a45b Package name impersonates Open Whisper Systems' libsignal-node but ships unrelated code. On require of index.js, after a 1-second delay, install.js...
Moderate: Red Hat Security Advisory: libinput security update
An update for libinput is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
CVE-2026-50310
Integer overflow or wraparound in Windows Devices Human Interface allows an authorized attacker to disclose information locally...
SUSE-SU-2026:2961-1 Security update for the Linux Kernel (Live Patch 39 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.163 fixes various security issues The following security issues were fixed: - CVE-2026-23393: bridge: cfm: Fix race condition in peermep deletion bsc1260524. - CVE-2026-31505: iavf: fix out-of-bounds writes in iavfgetethtoolstats...
Malicious code in @akshajrawat/plugin-repo-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 596ef9a9a6888c00110ee80e3633052ed89887a8465e9a5eaa824a81e5211e46 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-10554 Malicious code in @akshajrawat/plugin-repo-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 596ef9a9a6888c00110ee80e3633052ed89887a8465e9a5eaa824a81e5211e46 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
[SECURITY] Fedora 43 Update: golang-github-openprinting-ipp-usb-0.9.34-1.fc43
HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol...
ALSA-2026:39296 Moderate: libinput security update
libinput is a library that handles input devices for display servers and other applications that need to directly deal with input devices. Security Fixes: libinput: local privilege escalation via crafted uinput devices CVE-2026-50292 For more details about the security issues, including the impac...
SUSE-SU-2026:2930-1 Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.3 fixes various security issues The following security issues were fixed: - CVE-2025-71089: iommu: disable SVA when CONFIGX86 is set bsc1256615. - CVE-2026-23393: bridge: cfm: Fix race condition in peermep deletion bsc1260524. -...
CVE-2026-4769
The affected product family is WAGO System I/O Field series devices. The CVE describes an undocumented internal diagnostic capability that activates during the initial startup sequence and remains accessible without authentication for a brief window in the early boot phase. During this window, an...
CVE-2026-4769 Unauthenticated Access to Internal Diagnostic Interface
Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an...
Malicious code in ishowfeet13 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20bca534c9132e075eb12129f9986f32127805ef4e81a801de877aaf3a9bda6e The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...
Malicious code in ishowfeet10 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4148b124e7ddd86ab1dd66865b0dad79d42d666a36a5e122f07e12b0d3029570 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...