CVE-2026-45736 ws: Uninitialized memory disclosure

ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: curl: curl-8.20.0-0.1.hum1 aarch64, x8664 libcurl-8.20.0-0.1.hum1 aarch64, x8664 libcurl-devel-8.20.0-0.1.hum1 aarch64, x8664 libcurl-minimal-8.20.0-0.1.hum1 aarch64, x8664 curl-8.20.0-0.1.hum1.s...

CVE-2026-25859

Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations...

CVE-2026-2206

A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls. It is possible to initiate the attack...

Craft CMS SQL注入漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions 4.0.0-RC1 to 4.16.17, and 5.0.0-RC1 to 5.8.21 of Craft CMS have SQL injection vulnerabilities. These vulnerabilities stem from improper cleaning of the criteriaorderBy parameter input, which may lead to SQL...

EUVD-2026-5823

A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls. It is possible to initiate the attack...

CVE-2026-25859

The CVE-2026-25859 entry concerns Wekan versions prior to 8.20, where insufficient permission checks allow non-administrative users to access the migration functionality, potentially enabling unauthorized migration operations. The Red Hat, NVD, EUVD, OSV, CVE lists and PT Security entries corrobo...

CVE-2026-1892

A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper authorization. The attack may be launched...

CVE-2026-1896

A vulnerability has been found in WeKan up to 8.20. Affected by this vulnerability is the function ComprehensiveBoardMigration of the file server/migrations/comprehensiveBoardMigration.js of the component Migration Operation Handler. The manipulation of the argument boardId leads to improper acce...

CVE-2026-1964

A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch...

CVE-2026-1898

A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack remotely. Upgrading to version 8.21 is able...

CVE-2026-1895

A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to addre...

WeKan 授权问题漏洞

WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.20 contained a vulnerability related to authorization issues. This vulnerability arose from improper authorization handling when operating on the parameters item.cardId, item.checklistId, and card.board...

Fedora 42 : gitleaks (2025-94112c7319)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-94112c7319 advisory. Update to 8.28.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

Linux Distros Unpatched Vulnerability : CVE-2020-14634

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.20 and prior. Easily exploitable...

Linux Distros Unpatched Vulnerability : CVE-2020-14643

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Roles. Supported versions that are affected are 8.0.20 and prior. Easily...

Linux Distros Unpatched Vulnerability : CVE-2022-21635

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.29 and prior. Easily exploitable...

Linux Distros Unpatched Vulnerability : CVE-2021-2087

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.22 and prior. Easily exploitable...

Bosch IP cameras security breach

Bosch IP cameras are network cameras from Bosch, Germany. A security vulnerability exists in Bosch IP cameras that could allow a user with administrative privileges to run arbitrary commands on the camera's operating system. The following products and versions are affected: Bosch Camera CPP13...

Qualitor Security Breach

Qualitor is an application. A security vulnerability exists in Qualitor version 8.20 and earlier versions. An attacker exploits the vulnerability to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter...