Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows...

GHSA-C399-Q49H-QWC8 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows...

CVE-2025-29847

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

CVE-2025-29847

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

CVE-2025-29847 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

CVE-2025-29847 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

CVE-2025-29847

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

CVE-2025-29847

CVE-2025-29847 (Apache Linkis) : A vulnerability in Apache Linkis where, when using the JDBC engine and data source, multiple URL-encoded parameters on the frontend can bypass checks and allow unauthorized access to system files via JDBC parameters. Affected versions: 1.3.0–1.7.0. Impact: potenti...

PT-2026-3452

Name of the Vulnerable Software and Affected Versions @fastify/express versions prior to 4.0.3 Description A security issue exists in the @fastify/express plugin, which provides Express compatibility for Fastify. The problem occurs when middleware is registered with a specific path prefix...

MiracleLinux 8 : libxml2-2.9.7-9.el8.2 (AXSA:2021-2193:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2193:02 advisory. libxml2: Use-after-free in xmlEncodeEntitiesInternal in entities.c CVE-2021-3516 libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal in...

CVE-2026-0695

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...

OSV-2026-65 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476179553 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/sun.nio.cs.UTF8$Encoder.encodeArrayLoop java.base/sun.nio.cs.UTF8$Encoder.encodeLoop...

CVE-2021-47812

GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with...

CVE-2026-0695 Stored XSS in Time Entry Audit Trail

In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, this may allow stored script code to execute in the context of a user’s browser when the affected...

Exploit for CVE-2024-50050

--- 💀 LlamaStack-RCE: CVE-2024-50050 Supply Chain Exploitatio...

OESA-2026-1081 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A weakness has been identified in Op...

CVE-2026-23527

A flaw was found in h3, a minimal HTTP Hypertext Transfer Protocol framework. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request where the Transfer-Encoding header uses a case variation of "chunked". The readRawBody function performs a strict case-sensiti...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000699)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000699 advisory. The asn1berdecoder function in lib/asn1decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service panic via an ASN.1 BER file that lacks ...

PT-2026-3251

Name of the Vulnerable Software and Affected Versions ConnectWise PSA versions prior to 2026.1 Description ConnectWise PSA versions older than 2026.1 may allow stored script code to execute in a user’s browser. This occurs because Time Entry notes stored in the Time Entry Audit Trail are rendered...

MiracleLinux 4 : java-1.8.0-openjdk-1.8.0.161-3.b14.AXS4 (AXSA:2018-2515:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2515:01 advisory. Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass...