Security Bulletin: IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449
Summary IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-3449 DESCRIPTION: Versions of the package @tootallnate/once before 3.0.1 are vulnerab...
CVE-2026-35371 vulnerabilities
Vulnerabilities for packages: uutils...
GHSA-5699-PPR6-8H44 vulnerabilities
Vulnerabilities for packages: grafana...
Linux Distros Unpatched Vulnerability : CVE-2026-9984
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium...
EUVD-2026-33053
typescript-utcp is a TypeScript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTT...
GHSA-5WFC-HJRC-GQ87 vulnerabilities
Vulnerabilities for packages: jitsucom-bulker...
GHSA-RQ48-56F4-2WW7 vulnerabilities
Vulnerabilities for packages: chromium...
SUSE SLED15 / SLES15 Security Update : libsndfile (SUSE-SU-2026:1968-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1968-1 advisory. This update for libsndfile fixes the following issues - CVE-2025-52194: buffer overflow in the ircamreadheader...
Server-side Request Forgery (SSRF)
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the isSSRFSafeURL process. An attacker can access internal network resources or sensitive information by exploiting DNS rebindi...
CVE-2026-44294 vulnerabilities
Vulnerabilities for packages: kibana, cadence-web, gemini-cli, opentelemetry-auto-instrumentations-node, vitess, librechat, pulumi, kubeflow-centraldashboard, renovate, homepage...
CVE-2026-44578 vulnerabilities
Vulnerabilities for packages: keep...
GHSA-V87V-83H2-53W7 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, datahub-ingestion-fips...
GHSA-4C54-JJ6J-3J34 vulnerabilities
Vulnerabilities for packages: linux-azure, linux-vmware, linux-qemu, linux-gcp, linux-aws...
CVE-2025-63706
NPM package next-npm-version1.0.1 is vulnerable to Command injection...
GHSA-2XX6-QF7X-GRQH next-npm-version is vulnerable to Command injection
NPM package next-npm-version1.0.1 is vulnerable to Command injection...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the downloadFrom and webhook processes. An attacker can access internal network resources and potentially exfiltrate sensitive information or interact with internal-only services by supplying special...
CVE-2025-63706
The CVE-2025-63706 entry concerns the NPM package next-npm-version1.0.1, reported as vulnerable to command injection. Multiple connected records corroborate the issue across NVD/CVE and related feeds. The vulnerability is described as critical with a CVSS 3.1 base score of 9.8 (vectors: AV:N/AC...
PT-2026-38453
Name of the Vulnerable Software and Affected Versions query-parser-string version 1.0.0 Description The software is subject to Prototype Pollution, a condition where an attacker can manipulate the prototype of an object to alter the behavior of the application. This occurs because the package fai...
GHSA-75XQ-5H9V-W6PX vulnerabilities
Vulnerabilities for packages: ruby3.4-net-imap, ruby3.3-rails, ruby4.0-rails, ruby4.0-net-imap, ruby3.2-rails, ruby3.4-rails, ruby3.3-net-imap, ruby3.2-net-imap, kube-logging-operator, logstash...