16 matches found
UBUNTU-CVE-2026-50052
In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack (request smuggling), which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...
SUSE CVE-2026-27623
Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assertion. When processing incoming requests, the Valkey system does not properly reset the networking...
CVE-2026-27623 Valkey has Pre-Authentication DOS from malformed RESP request
Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assertion. When processing incoming requests, the Valkey system does not properly reset the networking...
CVE-2026-25807
CVE-2026-25807 affects ZAI Shell before version 9.0.3, where the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without authentication. A remote attacker can connect to a ZAI-Shell P2P session running in --no-ai mode and send arbitrary system commands. If the host user...
Timing Attack
Overview prestashop/prestashop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers. Affected versions of this package are vulnerable to Timing Attack via the login function. An attacker can obtain information about the...
ZKTeco BioTime Security Vulnerability
ZKTeco BioTime is a powerful web-based time and attendance management software from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco BioTime versions 9.0.3, 9.0.4, and 9.5.2, which stems from a vulnerability in the parameter...
EUVD-2025-199708
Out-of-bounds Read vulnerability in ASR1903, ASR3901 in ASR LapwingLinux on Linux nrfw modules. This vulnerability is associated with program files Code/nrfw/DLP/src/NrCgi.C. This issue affects LapwingLinux: before 2025/11/26...
Infoblox NIOS Input Validation Error Vulnerability
Infoblox NIOS is a system for managing and automating network devices and services from Infoblox, Inc. It is used to automate the configuration and management of networks and to ensure stable network operation. A security vulnerability exists in Infoblox NIOS version 8.6.4 and earlier and version...
CVE-2025-24903
libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...
PT-2025-1271 · Fastify · Fastify-Multipart
Name of the Vulnerable Software and Affected Versions: @fastify/multipart versions prior to 8.3.1 and 9.0.3 Description: The issue is related to the saveRequestFiles function in the @fastify/multipart plugin for Fastify, which fails to delete uploaded temporary files when a user cancels a request...
Shihonkanri Plus Path Traversal Vulnerability
Ekakin Shihonkanri Plus GOOUT is a CGI Public Gateway Interface from Ekakin Japan. A path traversal vulnerability exists in Shihonkanri Plus Ver9.0.3 and earlier versions that could allow a local attacker to execute arbitrary code by allowing a legitimate user to import a specially crafted produc...
CVE-2021-31339
A vulnerability has been identified in Mendix Excel Importer Module All versions V9.0.3. Uploading a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework...
CVE-2019-7482
Stack-based buffer overflow in SonicWall SMA100 allows an unauthenticated user to execute arbitrary code in function libSys.so. This vulnerability impacted SMA100 version 9.0.0.3 and earlier...
Huawei DP300, TP3206 and ViewPoint 9030 Weak Encryption Algorithm Vulnerability
Huawei DP300, TP3206 and ViewPoint 9030 are all products of Huawei, China. DP300 is a video conferencing endpoint. TP3206 is a panoramic video conferencing solution. ViewPoint 9030 is a multipoint control unit for video conferencing systems. A weak encryption algorithm vulnerability exists in the...
IBM Security Access Manager Appliance Command Injection Vulnerability
IBM Security Access Manager Appliance is an application for information security management from IBM, USA. The program enables access management control through an integrated appliance for web, mobile and cloud computing. A command injection vulnerability exists in IBM Security Access Manager...
CVE-2017-1477
IBM Security Access Manager Appliance 9.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612...