CVE-2026-6106
CVE-2026-6106 affects 1Panel-dev MaxKB
CVE-2026-6106 1Panel-dev MaxKB Public Chat static_headers_middleware.py StaticHeadersMiddleware cross site scripting
A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static_headers_middleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site scripting...
CVE-2026-6106
A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static_headers_middleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site scripting...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: zot, secrets-store-csi-driver-provider-aws, flux-image-automation-controller, witness, esbuild, govulncheck, mattermost, kaf, istio, tigera-operator, kubernetes-csi-external-health-monitor, ctop, smarter-device-manager, custom-pod-autoscaler-operator,...
CVE-2026-39408
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: xz: xz-5.8.3-1.1.hum1 aarch64, x86_64 xz-devel-5.8.3-1.1.hum1 aarch64, x86_64 xz-libs-5.8.3-1.1.hum1 aarch64, x86_64 xz-lzma-compat-5.8.3-1.1.hum1 aarch64, x86_64 xz-static-5.8.3-1.1.hum1 aarch64,...
PT-2026-32127
A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static_headers_middleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site...
MaxKB code injection vulnerability
MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB 2.2.1 and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of parameters in the file...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: libxml2: libxml2-16-2.15.2-0.3.hum1 aarch64, x86_64 libxml2-2.15.2-0.3.hum1 aarch64, x86_64 libxml2-devel-2.15.2-0.3.hum1 aarch64, x86_64 libxml2-static-2.15.2-0.3.hum1 aarch64, x86_64...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: libcap: captree-2.78-1.1.hum1 aarch64, x86_64 libcap-2.78-1.1.hum1 aarch64, x86_64 libcap-devel-2.78-1.1.hum1 aarch64, x86_64 libcap-static-2.78-1.1.hum1 aarch64, x86_64 libcap-2.78-1.1.hum1.src src...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: glib2: glib2-2.88.0-1.1.hum1 aarch64, x86_64 glib2-devel-2.88.0-1.1.hum1 aarch64, x86_64 glib2-doc-2.88.0-1.1.hum1 aarch64, x86_64 glib2-static-2.88.0-1.1.hum1 aarch64, x86_64...
EUVD-2026-21239
A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used...
Tenda F451 security vulnerability
The Tenda F451 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.7 of the Tenda F451 contains a security vulnerability. This vulnerability stems from the improper validation of the fromRouteStatic function in the file /goform/RouteStatic, which handles the page parameter...
CVE-2026-5989 Tenda F451 RouteStatic fromRouteStatic stack-based overflow
A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used...
CVE-2026-5989
A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used...
CVE-2026-34392
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an attacker to traverse outside of the intended directory...
CVE-2025-57175
Siklu EtherHaul 8010 siklu-uimage-nxp-enc-1062-18707-ea552dc00b devices have a static root password...
PT-2026-31829
Name of the Vulnerable Software and Affected Versions: Tenda F451 version 1.0.0.7. Description: A flaw in the fromRouteStatic function within the /goform/RouteStatic file allows for a remote stack-based buffer overflow. This occurs when the page argument is manipulated, enabling a remote attacker to...