14 matches found
CVE-2026-48207 Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement
Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...
PT-2026-31030
Name of the Vulnerable Software and Affected Versions: MCP Java SDK versions prior to 1.0.0 Description: The MCP Java SDK contains a DNS rebinding vulnerability. This allows an attacker to access a locally or network-private MCP server via a victim's browser. An attacker can then make any tool call...
CVE-2026-25651
client-certificate-auth is middleware for Node.js implementing client SSL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open redirect vulnerability. The middleware unconditionally redirects HTTP requests to HTTPS using the unvalidated Hos...
ACON Input Validation Error Vulnerability
ACON is an Adaptive Correlation Optimization Network package by the individual developer Torin Etheridge. An input validation error vulnerability exists in versions of ACON prior to 1.0.0, which allows an attacker to submit malicious input data to bypass input...
WordPress plugin Shortcode For Elementor Templates Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-30058 · Npm · Evershop
Name of the Vulnerable Software and Affected Versions: EverShop NPM versions prior to 1.0.0-rc.8 Description: An issue in EverShop NPM allows a remote attacker to obtain sensitive information and execute arbitrary code via the "/deleteCustomer/route.json" API endpoint. The deleteCustomer route is...
Intel WULT software Code Issue Vulnerability
Intel WULT software is an application from Intel Corporation (USA). A security vulnerability exists in Intel WULT software versions prior to 1.0.0. An attacker could exploit the vulnerability to escalate privileges...
PT-2023-20216 · Unknown · Notation-Go
Name of the Vulnerable Software and Affected Versions: notation-go versions prior to 1.0.0-rc.3 Description: The issue causes excessive memory consumption when verifying signatures, leading to application crashes and impacting availability. Users can review their trust policy file for the identit...
PYSEC-2022-43150
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure...
PT-2022-18341 · Inhand Networks · Inrouter 900 Industrial 4G Router
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 900 Industrial 4G Router versions prior to 1.0.0.r11700 Description: A remote code execution issue was discovered in the get cgi from memory component. This issue can be triggered by a crafted packet, allowing for...
PT-2021-14396 · Unknown +2 · Blaze-Core +5
Name of the Vulnerable Software and Affected Versions: http4s versions prior to 0.21.17; http4s versions prior to 0.22.0-M2; http4s versions prior to 1.0.0-M14 Description: The issue is related to the blaze-core library, which accepts connections unboundedly on its selector pool. This can lead to a...
Apache MXNet Information Disclosure Vulnerability
Apache MXNet is a suite of scalable deep learning frameworks from the Apache Software Foundation (USA). A security vulnerability exists in Apache MXNet versions prior to 1.0.0. The vulnerability can be exploited to expose an instance with MXNet running to an attacker...
UBUNTU-CVE-2016-10518
A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but...
DEBIAN-CVE-2012-0786
The transformsave function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file...