28667 matches found
CVE-2026-30871 OpenWrt Project has Stack-based Buffer Overflow in DNS PTR Query
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the parsequestion function. The issue is triggered by PTR queries for reverse DNS domains .in-addr.arpa and .ip6.arp...
GHSA-4FCP-JXH7-23X8 Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service
Summary dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the library's own UnmarshalYAML implementation, which manually resolves alias nodes by recursively following yaml.Node.Alias pointers without any...
CVE-2026-32255
Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...
PT-2026-26264
CVE-2026-99999: this fucking thing...
kan 代码问题漏洞
Kan is an open-source project management tool developed by kanbn. Versions of Kan 0.5.4 and earlier contained code vulnerabilities. These vulnerabilities stemmed from the lack of authentication and URL validation in the/api/download/attatchment endpoint, allowing unauthenticated attackers to send...
CVE-2026-32255 Kan is Vulnerable to Unauthenticated SSRF via Attachment Download Endpoint
Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...
CVE-2026-32611
Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...
Malicious code in internal-secret-project-1234 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8dc95d958f766e3d4594c0ea651f834cd877966e5c76347c4f0d819eb5e79d7 The package internal-secret-project-1234 was found to contain malicious code...
MAL-2026-1753 Malicious code in internal-secret-project-1234 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8dc95d958f766e3d4594c0ea651f834cd877966e5c76347c4f0d819eb5e79d7 The package internal-secret-project-1234 was found to contain malicious code...
DEBIAN-CVE-2026-33058
Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...
CVE-2026-33058
Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...
CVE-2026-33058 Kanboard has Authenticated SQL Injection in Project Permissions Handler
Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...
CVE-2026-33058
Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...
CVE-2026-33058 Kanboard has Authenticated SQL Injection in Project Permissions Handler
Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...
CVE-2026-33058 Kanboard has Authenticated SQL Injection in Project Permissions Handler
Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...
CVE-2026-33058
Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51...
CVE-2026-33058
Kanboard (Kanban project management software) has an authenticated SQL injection vulnerability in the Project Permissions Handler affecting versions prior to 1.2.51. Exploitation requires prior permission to add users to a project, and successful exploitation can dump the entire Kanboard database...
CVE-2026-29056
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.51, Kanboard's user invite registration endpoint UserInviteController::register accepts all POST parameters and passes them to UserModel::create without filtering out the role field. An attacker who receives an...
PT-2026-26167
Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...
Openapi to Java Records Mustache Templates 输入验证错误漏洞
Openapi to Java Records Mustache Templates is a record-generation tool developed by Christopher Molin. Versions of Openapi to Java Records Mustache Templates prior to 5.5.1 had a vulnerability related to input validation errors. This vulnerability stemmed from the possibility of the parent POM fi...