1520 matches found
PT-2026-57481
This update for libredwg fixes the following issues: Changes in libredwg: - Update to snapshot 0.14.8413 fix dwg next entity NULL pointer dereference CVE-2026-15184, boo1271170 Fix dwg bmp thumbnail overflow checks CVE-2026-15181, boo1271169 Resolve NULL pointer dereference SEGV in match BLOCK...
CVE-2026-11274 vulnerabilities
Vulnerabilities for packages: chromium...
[SECURITY] Fedora 44 Update: 389-ds-base-3.2.2-2.fc44
389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration...
OPENSUSE-SU-2026:10853-1 libppsdocument4_0-6-50.1-2.1 on GA media
These are all security issues fixed in the libppsdocument40-6-50.1-2.1 package on the GA media of openSUSE Tumbleweed...
MAL-2026-3710 Malicious code in ethers-logger (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8f43ab2ac9caeed4f5dd0895f4da7d3a646038768f5d0024f443bb527fd1ad95 The OpenSSF Package Analysis project identified 'ethers-logger' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: sed: sed-4.10-1.hum1 aarch64, x8664 sed-4.10-1.hum1.src src...
Malicious code in sparkling-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a51b8dc4e5a69bd2a09d2bb1c705963de6b9513ff871237d21a5f6641abc0ac The package sparkling-sdk was found to contain malicious code. Source: ghsa-malware b0457cea0504e91fd51a3802d694a20e91fab0bf48731ae4a18c484eab349202...
CLEANSTART-2026-DK61762 filippo
Multiple security vulnerabilities affect the prometheus-mysqld-exporter package. filippo. See references for individual vulnerability details...
CVE-2026-30082
Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...
EUVD-2026-17095
Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...
CVE-2026-30082
Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...
CVE-2026-30082
Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...
CVE-2026-30082
Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...
PT-2026-29029
Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...
IngEstate Server 安全漏洞
IngEstate Server is a real estate asset management and information service platform developed by IngEstate Server Inc. IngEstate Server v11.14.0 contains a security vulnerability. This vulnerability stems from an editing function on the software package list page that allows for stored cross-site...
CVE-2026-30082
CVE-2026-30082 describes multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 . The issue allows an attacker to inject crafted payloads via the About application, What’s new, or Release note parameters to exe...
CVE-2026-30082
Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...
CVE-2026-34387 Fleet vulnerable to OS command injection via crafted software package metadata in uninstall scripts
Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker to achieve arbitrary code execution as root macOS/Linux or SYSTEM Windows on managed hosts when an uninstall is triggered for a crafted...
Malicious code in nodecognivault (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7709482c6e8d04dee2a9310780eff8f0f31cb64800273088f08a5cd1a8570c0a The package nodecognivault was found to contain malicious code...
MAL-2026-2359 Malicious code in env-embed (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb6e9ae149bf8b69194b4ae8fea78a4f31cbd1c01a9f65a188c063380b5c1d34 The package env-embed was found to contain malicious code...