2167 matches found
CVE-2026-11701 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-72XP-P242-47P9 vulnerabilities
Vulnerabilities for packages: nextcloud-server...
MAL-2026-5448 Malicious code in mazemap (npm)
Source: amazon-inspector 751317dcad79cec866b8dc69cd60b39e3be8e1bcc45746039835b04ce32445b0 package.json declares its only dependency ltidisafe as a direct HTTPS tarball URL https://ltidi.storage.googleapis.com/depenconf/ltidisafe-3.0.2.tgz...
GHSA-V4C4-Q9W7-M653 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-P337-8MM9-6P6X vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-31843
The goodoneuz/pay-uz Laravel package = 2.2.24 contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any without authentication middleware, enabling remot...
Linux Distros Unpatched Vulnerability : CVE-2026-11043
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds write in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially...
Security Bulletin: IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449
Summary IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-3449 DESCRIPTION: Versions of the package @tootallnate/once before 3.0.1 are vulnerab...
CVE-2026-35371 vulnerabilities
Vulnerabilities for packages: uutils...
GHSA-5699-PPR6-8H44 vulnerabilities
Vulnerabilities for packages: grafana...
Linux Distros Unpatched Vulnerability : CVE-2026-9984
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium...
EUVD-2026-33053
typescript-utcp is a TypeScript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTT...
GHSA-5WFC-HJRC-GQ87 vulnerabilities
Vulnerabilities for packages: jitsucom-bulker...
GHSA-RQ48-56F4-2WW7 vulnerabilities
Vulnerabilities for packages: chromium...
SUSE SLED15 / SLES15 Security Update : libsndfile (SUSE-SU-2026:1968-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1968-1 advisory. This update for libsndfile fixes the following issues - CVE-2025-52194: buffer overflow in the ircamreadheader...
Server-side Request Forgery (SSRF)
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the isSSRFSafeURL process. An attacker can access internal network resources or sensitive information by exploiting DNS rebindi...
CVE-2026-44294 vulnerabilities
Vulnerabilities for packages: renovate, vitess, kibana, cadence-web, kubeflow-centraldashboard, opentelemetry-auto-instrumentations-node, librechat, pulumi, homepage, gemini-cli...
CVE-2026-44578 vulnerabilities
Vulnerabilities for packages: keep...
GHSA-V87V-83H2-53W7 vulnerabilities
Vulnerabilities for packages: datahub-ingestion-fips, kubeflow-pipelines-visualization-server...