11082 matches found
OpenTelemetry Collector Contrib 安全漏洞
OpenTelemetry Collector Contrib is an extensible telemetry data collection component library developed under OpenTelemetry - CNCF. There are security vulnerabilities in versions 0.124.0 to 0.150.0 of OpenTelemetry Collector Contrib. These vulnerabilities stem from the Authenticate method not...
PT-2026-40693
In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix set access flags no-op check for SMMU/ATS faults contpte ptep set access flags compared the gathered ptep get value against the requested entry to detect no-ops. ptep get ORs AF/dirty from all sub-PTEs in the...
CVE-2025-29338
NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the modpara parameter in the woalinitmoduleparam function...
Linux Distros Unpatched Vulnerability : CVE-2026-43486
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arm64: contpte: fix setaccessflags no-op check for SMMU/ATS faults contpteptepsetaccessflags compared the gathered ptepget value against the requested entry to...
Next.js 代码问题漏洞
Next.js is a React framework open source by Vercel. Versions of Next.js from 13.4.13 to 15.5.16, as well as versions before 16.2.5, have code vulnerabilities. These vulnerabilities stem from the use of the built-in Node.js server for hosting. When a custom WebSocket upgrade request is made, it ma...
Linux Distros Unpatched Vulnerability : CVE-2026-43435
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: rustbinder: fix oneway spam detection The spam detection logic in TreeRange was executed...
urllib3 安全漏洞
urllib3 is an open-source Python HTTP library developed by urllib3. This product features a thread-safe connection pool and support for file publishing. There were security vulnerabilities in the versions of urllib3 from 2.6.0 to 2.7.0. These vulnerabilities stemmed from the possibility of...
EUVD-2026-29854
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception std::outofrange caused by unsigned integer underflow in libmodsecurity3 if the user administrator uses a rule any of @verifySSN...
CVE-2026-44218 ciguard: Container image runs as root (no USER directive)
ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 to 0.8.1, the published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER directive. This vulnerability is fixed in 0.8.2...
actbench (=0.0.1a5), agenticos (>=0.0.1 <=0.0.3.155020) +46 more potentially affected by CVE-2026-31245 via mem0ai (>=0.0.20 <=0.1.93)
mem0ai PYPI version =0.0.20, =0.0.1, =1.1.0, =1.1.0, =0.1.41, =1.0.4, =0.61.0, =0.13.0, =0.1.108, =0.1.117, =0.1.120a1, =0.1.120, =0.1.3, =0.1.0, =0.2.1 and more Source cves: CVE-2026-31245 Source advisory: OSV:GHSA-CGX8-QGVR-F7VF...
EUVD-2026-29512
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800...
CVE-2026-30805
Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800...
azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +15 more potentially affected by CVE-2026-2614 via mlflow-skinny (>=3.0.0 <=3.0.1)
mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =3.0.0, =0.1.0, =0.1.4 and more Source cves: CVE-2026-2614 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16643511...
CVE-2026-34187 SQL Injection in Graph Container Parameter
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800...
CVE-2026-30808
CVE-2026-30808 concerns Pandora FMS versions 777–800, where a session fixation flaw allows session hijacking via crafted session IDs. The connected sources confirm the vulnerability title and affected range, indicating a problem in authentication/session handling. The impact details in the source...
CVE-2026-30808 Session Fixation in Authentication leads to Session Hijacking
Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800...
NPM: protobuf.js: Code injection in pbjs static output from crafted schema names
NPM: protobuf.js: Code injection in pbjs static output from crafted schema names vulnerability discovered by ? in WordPress Npm protobufjs-cli versions = 1.2.0...
node-ral (=0.17.0), protobufjs (=6.1.0) +1 more potentially affected by CVE-2026-44293 via @protobufjs/utf8 (>=1.0.1 <=1.1.0)
@protobufjs/utf8 NPM version =1.0.1, =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @protobufjs/utf8 and may be impacted: - node-ral =0.17.0 - protobufjs =6.1.0 - protobufjs-mod =6.8.2 Source cves: CVE-2026-44293 Source advisory:...
@0xchain/telemetry (>=1.1.0-beta.8 <=1.1.0-beta.18), @20206205tech/nestjs-common (>=0.8.0 <=0.11.3) +958 more potentially affected by CVE-2026-44288 via protobufjs (>=8.0.0 <=8.0.1)
protobufjs NPM version =8.0.0, =1.1.0-beta.8, =0.8.0, =1.0.0, =1.1.4, =0.3.1, =0.3.1, =0.7.1, =0.7.0, =0.8.0 and more Source cves: CVE-2026-44288 Source advisory: SNYK:JS-PROTOBUFJS-16643234...
CVE-2026-32687 SQL injection via channel name in Postgrex.Notifications.listen/3 and unlisten/3
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...