4453 matches found
PT-2026-49529
Name of the Vulnerable Software and Affected Versions i18next-http-middleware versions prior to 3.9.7 i18next-fs-backend versions 2.6.5 and earlier Description The missingKeyHandler in i18next-http-middleware fails to reject dotted variants of restricted keys, such as proto .polluted, while only...
BIT-MARIADB-MIN-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`
MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...
Credential Exposure
Overview Affected versions of this package are vulnerable to Credential Exposure in jsonnetfetcher.go that may expose the Kubernetes service account token of the Grafana Operator manager to users with sufficient privileges to create Dashboard or LibraryPanel resources. This token can be used to...
Incorrect Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the native command handling process. An attacker can gain unauthorized access to privileged operations by sending crafted commands that bypass the configured...
[SECURITY] [DSA 6343-1] librabbitmq security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6343-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 12, 2026 https://www.debian.org/security/faq -...
Information Disclosure org.apache.tomcat:tomcat-catalina Dependency in Jira Software Data Center
This High severity Information Disclosure vulnerability was introduced in versions 9.12.1, 9.15.2, 9.16.0, 9.17.0, 10.0.1, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Software Data Center. This Information Disclosure vulnerability, with a CVS...
OESA-2026-2662 ffmpeg security update
FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: When calculating the...
Authentication Bypass by Alternate Name
Overview org.apache.cxf:cxf-rt-rs-security-oauth2 is a services framework. Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name via the JwtAccessTokenValidator class. An attacker can gain unauthorized access to protected resources by replaying a JWT access...
CVE-2026-50633 Apache CXF: JNDI Injection vulnerability in DispatchMDBMessageListenerImpl
A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to manipulate the JCA deployment descriptor ra.xml or runtime activation parameters. Users are recommended to upgrade to versions 4.2.2 or 4.1.7,...
Incorrect Privilege Assignment
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to the incorrect assignment of owner-scoped MCP loopback authority to hook-triggered agent processes. An attacker can perform unauthorized privileged...
SSRF (Server-Side Request Forgery) axios Dependency in Bamboo Data Center
This High severity SSRF Server-Side Request Forgery vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This SSRF Server-Side Request Forgery vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of...
Debian dsa-6339 : libinput-bin - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6339 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6339-1 [email protected] https://www.debian.org/security/...
CVE-2026-42305
Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...
CVE-2026-42558
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...
Uncontrolled Recursion
Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Heap-based Buffer Overflow
Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...
Heap-based Buffer Overflow
Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Heap-based Buffer Overflow
Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Allocation of Resources Without Limits or Throttling
Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Allocation of Resources Without Limits or Throttling
Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...