1687 matches found
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jasperreports (CVE-2025-10492)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-10492 reported for jasperreports-7.0.2.jar. Vulnerability Details CVEID:CVE-2025-10492 DESCRIPTION: A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied...
Security update for hauler (moderate)
openSUSE security update: security update for hauler ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20662-1 Rating: moderate References: bsc1258614 Cross-References: CVE-2026-24122 CVSS scores: CVE-2026-24122 SUSE : 3.7...
TRENDnet TEW-821DAP 数据伪造问题漏洞
TRENDnet TEW-821DAP is a wireless access point from the company TRENDnet. Versions of TRENDnet TEW-821DAP prior to 1.12B01 contained a data falsification vulnerability. This vulnerability stems from insufficient validation of data authenticity in the platformdoupgradecameodev function within the...
OPENSUSE-SU-2026:20662-1 Security update for hauler
This update for hauler fixes the following issues: Changes in hauler: - update to 1.4.2 bsc1258614, CVE-2026-24122: Bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 in the gomodules group across 1 directory fix for new helm chart features Bump github.com/sigstore/rekor from 1.4.3 ...
GHSA-MP4J-H6GH-F6MP n8n has SQL Injection in SeaTable Node
Impact A flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row...
CVE-2026-41399
OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for legitimate clients...
CVE-2026-41399 OpenClaw < 2026.3.28 - Denial of Service via Unbounded Pre-auth WebSocket Upgrades
OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for legitimate clients...
CVE-2026-41399
OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for legitimate clients...
EUVD-2026-26107
OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker capacity to disrupt WebSocket availability for legitimate clients...
CVE-2026-41399
OpenClaw before 2026.3.28 allows unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget Allocation, enabling unauthenticated attackers to exhaust socket and worker capacity and disrupt WebSocket availability for legitimate clients. The issue is tracked as CVE-20...
PT-2026-35783
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description OpenClaw accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. This allows unauthenticated network attackers to exhaust socket and worker...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from accepting unlimited concurrent unauthenticated WebSocket upgrades, which could allow unauthenticated...
PT-2026-35080
Name of the Vulnerable Software and Affected Versions tough versions prior to 0.22.0 Description Remote authenticated users with delegated signing authority can bypass TUF specification integrity checks for delegated targets metadata and poison the local metadata cache. This occurs because the lo...
virt:kvm_utils3 bug fix update
hivex 1.3.18-23 - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 1.3.18-22.el8 - Resolves: bz2000225 Rebase virt:rhel module:stream based on AV-8.6 1.3.18-21 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501 1.3.18 - Resolves: bz1810193 Upgrade...
Security Bulletin: Due to use of jetty-server-12.0.16.jar, IBM Sterling Connect:Direct Web Services is affected by response not compressed issue for corresponding HTTP request, causing the leak.
Summary jetty-server-12.0.16.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-1605. Vulnerability Details CVEID:CVE-2026-1605 DESCRIPTION: In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with...
GHSA-2GW9-C2R2-F5QF Neko has a Self-service Privilege Escalation for Authenticated Users
Impact Any authenticated user can immediately obtain full administrative control of the entire Neko instance member management, room settings, broadcast control, session termination, etc.. This results in a complete compromise of the instance. Patches The vulnerability has been patched in the...
Debian dsa-6211 : thunderbird - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6211 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6211-1 [email protected]...
CVE-2026-40306
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...
CVE-2026-40306
DNN Platform (DotNetNuke) CVE-2026-40306 describes a flaw where all new installations of DNN 10.x.x–10.2.1 use the same Host GUID. Red Hat, NVD, CVE listings, and related advisories indicate this shortcoming stems from predictable HostGUID values introduced in releases prior to 10.2.2, which patc...
CVE-2026-40306
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...