2913 matches found
NEMU 安全漏洞
NEMU is an open-source teaching system simulator developed by XiangShan. Versions of NEMU prior to v2025.12.r2 contained security vulnerabilities. These vulnerabilities were caused by improper instruction validation in the RISC-V Vector decoder, which could lead to incorrect trap behavior,...
Improper Validation of Specified Index, Position, or Offset in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input due to accepting external output buffers but not rejecting out-of-range writes small buf or large offset. This inconsistency allows silent partial writes into...
Improper Validation of Unsafe Equivalence in Input
Overview @node-oauth/oauth2-server is a Complete, framework-agnostic, compliant and well tested module for implementing an OAuth2 Server in node.js Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the token process. An attacker can obtain...
CVE-2026-6442
CVE-2026-6442 concerns Snowflake Cortex Code CLI prior to version 1.0.25, where improper validation of bash commands allows embedding crafted content to cause the CLI agent to execute arbitrary code outside the sandbox. The NVD/CVE records describe this as a local RCE risk with non-deterministic ...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/x509 [CVE-2025-58188]
Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/x509, due to incorrect processing of chains which contain DSA public keys. CVE-2025-58188. Crypto/x509 is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the...
SUSE-SU-2026:1314-1 Security update for ignition
This update for ignition fixes the following issue: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header bsc1260251...
SUSE-SU-2026:21115-1 Security update for ignition
This update for ignition fixes the following issue: - CVE-2026-33186: Fixed an authorization bypass due to improper validation of the HTTP/2: path pseudo-header bsc1260251...
CVE-2026-5059
aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handlin...
Improper Validation of Consistency within Input
Overview Affected versions of this package are vulnerable to Improper Validation of Consistency within Input through the internalImportFromBackup process in lxd/apiinternal.go. An attacker can create a backup archive with a benign backup/index.yaml and a malicious backup/container/backup.yaml, th...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index of tcg-kp-AIKCertificate Extended Key Usage OID during TPM device attestation. An attacker can cause a panic and disrupt service availability by submitting a crafted attestation key certificate with an...
Improper Validation of Unsafe Equivalence in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input via the TopicSelectorStore process. An attacker can access private updates intended for authorized subscribers or prevent delivery to legitimate recipients by poisoning the match result...
Improper Validation of Unsafe Equivalence in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input via the TopicSelectorStore process. An attacker can access private updates intended for authorized subscribers or prevent delivery to legitimate recipients by poisoning the match result...
rfc3161-client Has Improper Certificate Validation
Summary An Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw in how the library extracts the leaf certificate from an unordered PKCS7 bag of certificates, an attacker ca...
Improper Validation of Array Index
Overview github.com/jackc/pgx/v5/pgproto3 is a low-level PostgreSQL database driver Affected versions of this package are vulnerable to Improper Validation of Array Index in the Bind.Decode function. An attacker can cause unexpected memory access or application crashes by sending specially crafte...
Logic Flaw
KubeVirt is vulnerable to a logic flaw. The vulnerability is due to improper validation in the virt-controller, which allows an attacker to create a malicious pod with matching labels to mislead the controller and disrupt VMI management, leading to denial-of-service...
Open Cluster Management (OCM): Cross-cluster privilege escalation via improper Kubernetes client certificate renewal validation
A flaw was found in Open Cluster Management OCM, the technology underlying Red Hat Advanced Cluster Management ACM. Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This...
SEPPmail Secure Email Gateway 安全漏洞
SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.3 contained security vulnerabilities. These vulnerabilities stemmed from improper validation of S/MIME encrypted MIME entities for...
Improper Authentication
github.com/1panel-dev/1panel is vulnerable to improper authentication.The vulnerability is due to improper server-side validation of a client-controlled parameter, which allows an unauthenticated attacker to bypass CAPTCHA protections and perform automated login attempts leading to potential...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through improper validation in the index decoding for version 4 files. An attacker with write access to the .git directory to modify or inject the index file can cause a panic and terminate the process...
Improper Handling of Length Parameter Inconsistency
Overview ecdsa is an easy-to-use implementation of ECDSA cryptography Elliptic Curve Digital Signature Algorithm, implemented purely in Python, released under the MIT license. Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency due to improper...