1633 matches found
Leantime < 2.4 - Authenticated SQL Injection
Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...
CVE-2026-15476
A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack can only be performed from a local environment. The...
CVE-2026-15330
A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.93 security and extras update
Red Hat OpenShift Container Platform release 4.12.93 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Low...
[SECURITY] [DSA 6382-1] postfix security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6382-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 07, 2026 https://www.debian.org/security/faq -...
CVE-2026-48828
The CVE-2026-48828 issue affects Apache Airflow’s Bulk Variables API: the redactor was invoked without passing the variable key, so the key-based should_hide_value_for_key check (triggered by secret-suffixed keys like *_password, *_token, *_secret) could not redact JSON-typed variable values. An ...
EUVD-2026-42024
The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...
Debian dsa-6381 : ata-modules-6.12.90+deb13-armmp-di - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6381 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6381-1 [email protected] https://www.debian.org/securit...
Debian dsa-6377 : libapache2-mod-php8.4 - security update
The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6377 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6377-1 [email protected] https://www.debian.org/security/ Moritz...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.46 security and extras update
Red Hat OpenShift Container Platform release 4.18.46 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of...
CVE-2026-53404
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...
EUVD-2026-40011
A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...
CVE-2026-13514
A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.68 packages and security update
Red Hat OpenShift Container Platform release 4.13.68 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...
Debian dsa-6362 : gir1.2-gst-plugins-bad-1.0 - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6362 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6362-1 [email protected] https://www.debian.org/securit...
[SECURITY] [DLA 4635-1] firefox-esr security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4635-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort June 19, 2026 https://wiki.debian.org/LTS -...
GHSA-4XPC-PV4P-PM3W LiteLLM: Authentication Bypass via Host Header Injection
Impact A Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from request.url.path in litellm/proxy/auth/authutils.py::getrequestroute, which Starlette reconstructs...
GHSA-83PC-3RW9-QPWJ Deno: WebSocket API sandbox bypass via missing post-DNS check
Summary When a WebSocket connection was opened, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name that passes the hostname check yet resolves to a...
PT-2026-50173
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.55 n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An open source workflow automation platform contains an issue where a member-level user with editor access to a shared workflow can reference...
EUVD-2026-36666
A security vulnerability has been detected in GL.iNet GL-MT3000 up to 4.4.5. Affected by this vulnerability is an unknown functionality of the file /usr/bin/oneclickupgrade of the component Online Firmware Upgrade Handler. Such manipulation leads to command injection. The attack can be launched...