
230 matches found

EUVD
added 2026/05/08 3:36 p.m. | 7 views

EUVD-2026-28794

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution (RCE). This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...

CVSS 8.1 | AI score 5.8 | EPSS 0.00333
Exploits: 0 | References: 1

Packet Storm News
added 2026/05/06 12:0 a.m. | 5 views

GLiNER Guard: Unified Encoder Family for Production LLM Safety and Privacy

Production LLM systems require both safety moderation and PII detection under strict latency and cost constraints. This creates a trade-off: autoregressive moderators are accurate but expensive, while lightweight encoders are faster but less capable. We present GLiNER Guard (GLiGuard), a unified...

AI score 5.8
Exploits: 0

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: “IB/isert: Fix incorrect release of isert connection” The commit with the ID 699826f4e30a “IB/isert: Fix incorrect release of isert connection” is causing problems when DEVICEREMOVAL occurs in OPA. ----------- Cut here ----------...

AI score 5.7 | EPSS 0.0004
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2026/04/29 2:0 p.m. | 3 views

Malicious code in @omni-corp-infra/sso-bridge-core (npm)

Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...

AI score 5.9
Exploits: 0 | References: 1

Chainguard
added 2026/02/26 7:17 p.m. | 5 views

CVE-2026-1229 vulnerabilities

Vulnerabilities for packages: chainctl, aactl, flux-image-automation-controller, kubevela, pulumi, terraform-provider-pagerduty, grafana-alloy-fips, lazygit, crossplane-provider-keycloak-fips, crossplane-provider-family-aws-fips, gitaly-fips, gptscript, syft-fips, crossplane-provider-aws-sns, apk...

CVSS 9.8 | AI score 7.3 | EPSS 0.00026
Exploits: 0

Chainguard
added 2026/02/26 7:17 p.m. | 3 views

GHSA-Q9HV-HPM4-HJ6X vulnerabilities

Vulnerabilities for packages: chainctl, aactl, flux-image-automation-controller, kubevela, pulumi, terraform-provider-pagerduty, grafana-alloy-fips, lazygit, crossplane-provider-keycloak-fips, crossplane-provider-family-aws-fips, gitaly-fips, gptscript, syft-fips, crossplane-provider-aws-sns, apk...

AI score 5.8
Exploits: 0

IBM Security Bulletins
added 2026/02/24 5:21 p.m. | 10 views

Security Bulletin: A vulnerability in IBM Java Runtime affects Tivoli Netcool/OMNIbus (CVE-2026-1188)

Summary: A vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus has been addressed. Vulnerability Details: CVEID: CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to return the...

CVSS 9.8 | AI score 5.7 | EPSS 0.00025
Exploits: 0 | Affected Software: 1

CNVD
added 2026/02/03 12:0 a.m. | 0 views

Information Leakage Vulnerability in E3 Omni-Channel Central Platform of Shanghai Esaote Software Co.

E3 Omni-Channel Middle is an omni-channel new retail solution product for medium and large enterprises. Ltd. E3 Omni-Channel Middleware suffers from an information leakage vulnerability that can be exploited by attackers to obtain sensitive information...

AI score 5.8
Exploits: 0

Snyk
added 2026/02/01 6:37 a.m. | 2 views

Insertion of Sensitive Information into Log File

Overview omni-cortex is a Give Claude Code a perfect memory - auto-logs everything, searches smartly, and gets smarter over time Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File. Activity logging fails to redact sensitive fields before writing t...

CVSS 6.8 | AI score 5.5
Exploits: 0 | References: 3

Snyk
added 2026/02/01 6:37 a.m. | 1 view

Improper Neutralization of Input Used for LLM Prompting

Overview omni-cortex is a Give Claude Code a perfect memory - auto-logs everything, searches smartly, and gets smarter over time Affected versions of this package are vulnerable to Improper Neutralization of Input Used for LLM Prompting. LLM prompt construction fails to sanitize user-controlled...

CVSS 8.4 | AI score 5.5
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/17 8:27 p.m. | 2 views

CVE-2012-10064

Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions,...

CVSS 9.3 | AI score 8.4 | EPSS 0.00684
Exploits: 0 | References: 1

NVD
added 2026/01/16 8:15 p.m. | 2 views

CVE-2012-10064

Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions,...

CVSS 9.3 | EPSS 0.00684
Exploits: 0 | References: 9

Cvelist
added 2026/01/16 8:10 p.m. | 19 views

CVE-2012-10064 Omni Secure Files < 0.1.14 Unauthenticated Arbitrary File Upload

Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions,...

CVSS 9.3 | EPSS 0.00684
Exploits: 0 | References: 9

CVE
added 2026/01/16 8:10 p.m. | 12 views

CVE-2012-10064

Omni Secure Files WordPress plugin versions before 0.1.14 contain an unauthenticated arbitrary file upload vulnerability in the bundled plupload example endpoint (upload.php). The handler does not enforce safe file type restrictions, allowing attacker-controlled files to be uploaded to the plugin...

CVSS 9.3 | AI score 8 | EPSS 0.00684
Exploits: 0 | References: 9

Vulnrichment
added 2026/01/16 8:10 p.m. | 5 views

CVE-2012-10064 Omni Secure Files < 0.1.14 Unauthenticated Arbitrary File Upload

Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions,...

CVSS 9.3 | AI score 8 | EPSS 0.00684
Exploits: 0 | References: 9

ATTACKERKB
added 2026/01/16 8:10 p.m. | 2 views

CVE-2012-10064

Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions,...

CVSS 9.3 | AI score 6.5 | EPSS 0.00684
Exploits: 0 | References: 8

Positive Technologies
added 2026/01/16 12:0 a.m. | 2 views

PT-2026-3315

Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions,...

CVSS 9.3 | AI score 8.4 | EPSS 0.00684
Exploits: 0 | References: 10

CNNVD
added 2026/01/16 12:0 a.m. | 4 views

WordPress plugin Omni Secure Files has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 9.3 | AI score 6.1 | EPSS 0.00684
Exploits: 0 | References: 10

OSV
added 2025/12/30 12:11 p.m. | 1 view

CVE-2023-54219 Revert "IB/isert: Fix incorrect release of isert connection"

In the Linux kernel, the following vulnerability has been resolved: Revert "IB/isert: Fix incorrect release of isert connection" Commit: 699826f4e30a "IB/isert: Fix incorrect release of isert connection" is causing problems on OPA when DEVICEREMOVAL is happening. ------------ cut here -----------...

AI score 6.4 | EPSS 0.0004
Exploits: 0 | References: 12

Veracode
added 2025/12/01 4:13 a.m. | 2 views

Denial Of Service (DoS)

github.com/siderolabs/omni is vulnerable to Denial of Service (DoS). The vulnerability is due to improper validation of the resource metadata field in the isSensitiveSpec function, followed by an unchecked call to CreateResource, which allows an attacker to send empty create/update requests...

CVSS 7.5 | AI score 6.9 | EPSS 0.00565
Exploits: 1 | References: 5 | Affected Software: 1