107423 matches found
Migration assessment Security Vulnerability
Migration assessment is an open-source tool developed by KubeV2V for evaluating and providing migration recommendations for VMware environments. There is a security vulnerability in Migration assessment. This vulnerability stems from the /api/v1/sources/id/image-url endpoint, where improper acces...
NSA Ghidra Parameter Injection Vulnerability
NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency of the United States. Prior to version 12.1 of NSA Ghidra, there was a parameter injection vulnerability. This vulnerability stemmed from improper escaping of the ‘cmd.exe’...
Linux Distros Unpatched Vulnerability : CVE-2026-41854
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a...
PT-2026-48495
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious classic dashboard that...
EulerOS 2.0 SP13 : golang (EulerOS-SA-2026-2291)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.CVE-2026-25679 Actions which insert URLs into the...
CVE-2026-46546
Summary: CVE-2026-46546 affects Frappe LMS. Before v2.53.0, an authenticated user could insert crafted content in certain user-editable fields, which—when surfaced in page metadata—caused visitors’ browsers to navigate to an attacker-chosen URL. The issue has been patched in v2.53.0. Impact (as s...
CVE-2026-41706
Spring Security: CookieRequestCache and CookieServerRequestCache store the full absolute pre-authentication URL in a browser cookie and use it as the post-login redirect target without validation. Affected versions include Spring Security 5.7.0–5.7.23; 5.8.0–5.8.25; 6.3.0–6.3.16; 6.4.0–6.4.16; 6....
CVE-2026-41706 Open Redirect When Using CookieRequestCache
Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is us...
CVE-2026-47928
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-09 22:32:10+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnvatdnnrd2q |
| 2026-06-10 08:00:52+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnwamaibk62s |
| 2026-06-15 16:37:06+00:00 | seen | ... |
CVE-2026-47930
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-09 22:27:09+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnvaketsgc2v |
| 2026-06-10 09:01:14+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnwdxh5ab625 |
| 2026-06-15 19:37:06+00:00 | seen | ... |
CVE-2026-47932
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-09 22:07:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnv7gj4vo52e |
| 2026-06-10 07:00:57+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mnw5b3mdyo27 |
| 2026-06-15 17:07:07+00:00 | seen | ... |
CVE-2026-47106
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-09 21:56:49+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnv6u2vvte23... |
CVE-2026-32856
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-09 21:51:46+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnv6l4h2yn2v... |
CVE-2026-11824
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-09 21:46:46+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnv6c5utvl2h |
| 2026-06-09 22:23:24+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mnvadonscf2q |
| 2026-06-18 17:10:38+00:00 | seen | ... |
Malicious code in getd-eslint-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17328047b2ec8dce82cfbdfd5b16c8f862d51dca26b02c9801587c220a48975a On npm install, postinstall.js collects host identifiers os.hostname, os.userInfo username, os.platform, current working directory, CI environment...
MAL-2026-5466 Malicious code in getd-eslint-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17328047b2ec8dce82cfbdfd5b16c8f862d51dca26b02c9801587c220a48975a On npm install, postinstall.js collects host identifiers os.hostname, os.userInfo username, os.platform, current working directory, CI environment...
Malicious code in db-dx-connector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0a6cd3a84c38e801823eba4ccf0d4ff2a28f5955309bfb300f7f0f640b1a69b db-dx-connector is a name-transposition of the legitimate divblox package dx-db-connector the package.json even points repository.url at...
CVE-2025-67862
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-09 17:45:01+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnuqrsjdj32e |
| 2026-06-10 13:15:13+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mnws6ecbbi2y... |
CVE-2026-8025
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-09 17:39:57+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnuqisenyh2x... |
CVE-2026-49955
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-09 17:35:53+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnuqb4o7py2v... |