CVE-2025-61022
An issue in the sqlotbcolpreds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2025-61023
An issue in the stcompare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2025-61020
An issue in the sqlostripinjoin component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
CVE-2025-61025
CVE-2025-61025 affects openlink virtuoso-opensource 7.2.11, specifically the sslr_qst_get component. The issue allows a Denial of Service via crafted SQL statements. The CVSSv3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H with a base score of 7.5 (HIGH). Connected sources identify the...
CVE-2025-61019
An issue in the sqlokeypartbest component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
EUVD-2026-32587
Budibase: SSRF via OAuth2 token endpoint URL reaches internal hosts and cloud metadata...
CVE-2026-7664
IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...
Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software
Summary: Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details: CVEID: CVE-2026-33871. DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote...
CVE-2026-7664
Summary: IBM Langflow OSS versions 1.0.0–1.8.4 are affected by an unauthenticated access issue due to improper authorization enforcement on the Streamable MCP transport endpoint, potentially allowing access to protected MCP project resources and execution of MCP operations. Affected products/vers...
EUVD-2026-38245
IBM Langflow OSS 1.0.0 through 1.9.3 has a vulnerability due to improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise...
BIT-NGINX-GATEWAY-2026-42530 NGINX Open-Source ngx_http_v3_module vulnerability
NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...
BIT-NGINX-2026-42530 NGINX Open-Source ngx_http_v3_module vulnerability
NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...
ROS-20260622-73-0041
The vulnerability of the ngx_http_dav_module module in NGINX Plus and NGINX Open Source servers is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow a malicious actor to cause service failures...
ROS-20260622-73-0042
The vulnerability of the ngx_http_mp4_module in NGINX Plus and NGINX Open Source HTTP servers is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code...
ROS-20260622-73-0045
The vulnerability of the ngx_mail_auth_http_module module in NGINX Plus and NGINX Open Source is related to the use of the NULL pointer. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
MAL-2026-6251 Malicious code in zomato-config (npm)
Source: amazon-inspector 3a1b48a397992964f8f3982dc69a33431bfb26c911c29a1e5d124581cef46a40. Dependency-confusion package targeting an internal Zomato namespace. The package ships only a stub index.js: module.exports = { name: 'zomato-config',...
Security Bulletin: Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection
Summary: Langflow OSS contains an unauthenticated RCE vulnerability in PythonREPLComponent ("Python Interpreter"). The component's getglobals builds a restricted globals dict from the globalimports whitelist (default: "math") but never sets globals["__builtins__"] = . CPython's exec automatically inserts full builtins...
Linux Distros Unpatched Vulnerability : CVE-2026-48142
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location block with both...
UBUNTU-CVE-2026-49346
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265_image_get_buffer (libde265/image.cc:128). The overflow wraps the plane allocation size to a sma...
Astra Linux – Vulnerability in qtbase-opensource-src
An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. There is an incorrect HPack integer overflow check in network/access/http2/hpacktable.cpp...