6408 matches found
CVE-2026-6198
A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclos...
io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files
A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...
io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files
A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...
io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files
A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.3 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...
JLSEC-2026-98 Deno's static imports inside dynamically imported modules do not adhere to permission checks
Impact Modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules. In Deno 1.5.x and 1.6.x only programs dynamically importing especially transitively untrusted code are...
EUVD-2026-22245
Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise KOP was affected before 2.8.2509.4...
EUVD-2026-22058
A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclos...
EUVD-2026-21984
A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation of the argument NatBind leads to buffer overflow. The attack is possible to be carried out remotely. The exploit...
CVE-2026-6198 Tenda F456 NatStaticSetting fromNatStaticSetting stack-based overflow
A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclos...
CVE-2026-6186
A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation of the argument NatBind leads to buffer overflow. The attack is possible to be carried out remotely. The exploit...
CVE-2026-6106
A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/staticheadersmiddleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site scripting...
BayreuthWing
A transformer-based deep learning system for detecting securit...
CVE-2026-6106
A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/staticheadersmiddleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site scripting...
CVE-2026-6106
A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/staticheadersmiddleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site scripting...
CVE-2026-6106 1Panel-dev MaxKB Public Chat static_headers_middleware.py StaticHeadersMiddleware cross site scripting
A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/staticheadersmiddleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site scripting...
CVE-2026-6106 1Panel-dev MaxKB Public Chat static_headers_middleware.py StaticHeadersMiddleware cross site scripting
A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/staticheadersmiddleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site scripting...
CVE-2026-6106
CVE-2026-6106 affects 1Panel-dev MaxKB
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: nri-consul, task, aactl, flannel, frp, oras, pulumi, http-echo, local-path-provisioner, kubernetes-csi-node-driver-registrar, dive, terraform-docs, hugo, infinispan-operator, istio, polaris, dynamic-localpv-provisioner, terraform-provider-tls, atlantis, bento,...
CVE-2026-39408
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially...