1921 matches found
Medium: amazon-ecr-credential-helper
Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...
Siemens SCALANCE
SUMMARY SCALANCE W-700 IEEE 802.11n family before V6.6.0 are affected by multiple vulnerabilities. Siemens has released a new version for SCALANCE W-700 IEEE 802.11n family and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly...
CVE-2026-6108 1Panel-dev MaxKB Model Context Protocol Node base_mcp_node.py execute os command injection
A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/stepnode/mcpnode/impl/basemcpnode.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is...
SUSE SLES12 Security Update : python-PyJWT (SUSE-SU-2026:1199-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1199-1 advisory. - CVE-2026-32597: Fixed unknown crit header extensions accepts bsc1259616. Tenable has extracted the preceding description block directly fr...
Debian dla-4514 : gir1.2-gst-plugins-base-1.0 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4514 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4514-1 [email protected] https://www.debian.org/lts/security/...
PT-2026-28729
Name of the Vulnerable Software and Affected Versions elecV2 versions up to 3.8.3 Description A flaw exists in elecV2, specifically within the Endpoint component. Manipulation of the filename argument in a function related to the /logs file can lead to cross-site scripting. This issue is...
CVE-2026-27876
A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avoid future attack vectors going this path. Only instances with the...
PT-2026-28545
Name of the Vulnerable Software and Affected Versions Gematik Authenticator versions 4.12.0 through 4.15.9 Description The Gematik Authenticator, used for secure user authentication in digital health applications, has a flaw on Mac OS systems. Opening a specially crafted file can lead to remote...
EUVD-2026-14786
Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows reading all messages exchanged via the broker and injection of new message CVE-2026-27446 https://www.cve.org/CVERecord . Since KNIME Business Hub uses Apache Artemis it is also affected by the issue...
CVE-2026-4649
Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows reading all messages exchanged via the broker and injection of new message CVE-2026-27446 https://www.cve.org/CVERecord . Since KNIME Business Hub uses Apache Artemis it is also affected by the issue...
Siemens SICAM SIAPP SDK
SUMMARY The SICAM SIAPP SDK contains multiple vulnerabilities that could allow an attacker to disrupt the customer-developed SIAPP or its simulation environment. Potential impacts include denial of service within the SIAPP, corruption of SIAPP data, or exploit the simulation environment. These...
Zoom Workplace VDI Client < 6.4.17 Vulnerability (ZSB-26005)
The version of Zoom Workplace VDI Client installed on the remote host is prior to 6.4.17. It is, therefore, affected by a vulnerability as referenced in the ZSB-26005 advisory. - External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an...
PT-2026-20292
Name of the Vulnerable Software and Affected Versions Rent Fetch plugin for WordPress versions up to and including 0.32.4 Description The Rent Fetch plugin for WordPress is susceptible to Stored Cross-Site Scripting through the keyword parameter. This is due to inadequate input sanitization and...
PT-2026-20265
Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description An issue exists that allows attackers to execute arbitrary code through the url parameter within the JDBC configuration. The affected component is the JDBC configuration. Recommendations Update to a newer...
PT-2026-7291
Name of the Vulnerable Software and Affected Versions Intel Ethernet Controller E810 firmware versions prior to 1.7.8.x Description An out-of-bounds write issue exists in the firmware of some Intel Ethernet Controller E810 devices. A local attacker with privileged user access and low complexity...
PT-2026-7302
Name of the Vulnerable Software and Affected Versions Intel Ethernet Network Adapter E810 versions prior to cvl fw 1.7.6, cpk 1.3.7 Description An out-of-bounds read issue exists in the firmware of certain Intel Ethernet Network Adapter E810 devices. A network-based attacker with authenticated...
PT-2026-6938
Name of the Vulnerable Software and Affected Versions UTT HiPER 810 version 1.7.4-141218 Description A flaw exists in the rehttpd component of UTT HiPER 810. Specifically, the sub 4407D4 function within the /goform/formReleaseConnect file is susceptible to command injection. Manipulating the Isp...
PT-2026-6895
Name of the Vulnerable Software and Affected Versions MP-Ukagaka plugin for WordPress versions through 1.5.2 Description The MP-Ukagaka plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated...
PT-2026-6909
Name of the Vulnerable Software and Affected Versions PHPGurukul Beauty Parlour Management System version 1.1 Description A flaw exists in PHPGurukul Beauty Parlour Management System that allows for SQL injection. This issue is located in the /admin/accepted-appointment.php file. Manipulation of...
PT-2026-6557
Name of the Vulnerable Software and Affected Versions IBM webMethods Integration Server versions 10.15 through IS 10.15 Core Fix2411.1 to IS 11.1 Core Fix8 Description IBM webMethods Integration Server may reveal sensitive user information within its server responses. Recommendations Update to a...