7736 matches found

Snyk
added 2026/02/13 8:53 p.m., 3 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview: renovate is a dependency updater. Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer due to spawned child processes inheriting and not properly filtering environment variables. An attacker can access sensitive...

6.8 CVSS | 5.6 AI score
Exploits: 0 | References: 2
RedhatCVE
added 2026/02/13 7:18 p.m., 2 views

CVE-2026-26217

Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can...

9.2 CVSS | 5.9 AI score | 0.00022 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/02/13 1:31 a.m., 4 views

CVE-2026-20627

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3, watchOS 26.3. An app may be able to access sensitive user data...

5.5 CVSS | 5.8 AI score | 0.0003 EPSS
Exploits: 0 | References: 1
OSV
added 2026/02/12 10:14 p.m., 5 views

GHSA-3C9M-GQ32-G4JX NeuVector scanner insecurely handles passwords as command arguments

Impact: A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users. This may allow unauthorized access to registries or the NeuVector...

3.8 CVSS | 5.4 AI score | 0.00016 EPSS
Exploits: 0 | References: 6
Github Security Blog
added 2026/02/12 10:14 p.m., 6 views

NeuVector scanner insecurely handles passwords as command arguments

Impact: A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users. This may allow unauthorized access to registries or the NeuVector...

3.8 CVSS | 5.4 AI score | 0.00016 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2026/02/12 4:16 p.m., 3 views

CVE-2026-26217

Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can...

7.5 CVSS | 5.9 AI score
Exploits: 0 | References: 3
Vulnrichment
added 2026/02/12 3:33 p.m., 5 views

CVE-2026-26217 Crawl4AI < 0.8.0 Docker API Local File Inclusion via file URL Handling

Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can...

9.2 CVSS | 5.9 AI score | 0.00022 EPSS
Exploits: 0 | References: 3
Cvelist
added 2026/02/12 1:12 p.m., 22 views

CVE-2025-13004 IDOR in Farktor Software's E-Commerce Package

Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables. This issue affects E-Commerce Package: through 27112025...

6.3 CVSS | 0.00014 EPSS
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2026/02/12 12:10 p.m., 9 views

Malicious code in b10connoisseur (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3b004210d186f2b625699f4d863f3ba95407f836eadfee0168be63f85124b5b7 During installation, package attempts to enumerate the environment and exfiltrates potentially sensitive data to a hardcoded location. --- Category: MALICIOUS ...

6 AI score
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/12 12:00 a.m., 5 views

PT-2026-7842

Name of the Vulnerable Software and Affected Versions: Farktor Software E-Commerce Package versions through 27112025. Description: An authorization bypass exists in Farktor Software E-Commerce Package due to manipulation of user-controlled variables. This allows bypassing intended access restriction...

6.3 CVSS | 5.4 AI score | 0.00014 EPSS
Exploits: 0 | References: 7
Positive Technologies
added 2026/02/12 12:00 a.m., 6 views

PT-2026-7954

Name of the Vulnerable Software and Affected Versions: NeuVector versions prior to 4.072. Description: The NeuVector scanner insecurely handles passwords as command arguments. The scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive...

9.9 CVSS | 5.2 AI score | 0.15051 EPSS
Exploits: 44 | References: 118
Tenable Nessus
added 2026/02/12 12:00 a.m., 6 views

GitLab 13.7 < 18.2.8 / 18.3 < 18.3.4 / 18.4 < 18.4.2 (CVE-2025-9825)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project...

6.5 CVSS | 5.7 AI score | 0.00008 EPSS
Exploits: 1 | References: 5
NVD
added 2026/02/11 11:16 p.m., 1 views

CVE-2026-20627

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3, watchOS 26.3. An app may be able to access sensitive user data...

5.5 CVSS | 0.0003 EPSS
Exploits: 0 | References: 5
OSV
added 2026/02/11 11:16 p.m., 3 views

CVE-2026-20627

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data...

5.5 CVSS | 5.7 AI score | 0.0003 EPSS
Exploits: 0 | References: 5
ATTACKERKB
added 2026/02/11 10:58 p.m., 2 views

CVE-2026-20627

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3, watchOS 26.3. An app may be able to access sensitive user data...

5.5 CVSS | 5.8 AI score | 0.0003 EPSS
Exploits: 0 | References: 6
Vulnrichment
added 2026/02/11 10:58 p.m., 1 views

CVE-2026-20627

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data...

5.5 AI score | 0.0003 EPSS
Exploits: 0 | References: 5
Cvelist
added 2026/02/11 10:58 p.m., 20 views

CVE-2026-20627

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3, watchOS 26.3. An app may be able to access sensitive user data...

0.0003 EPSS
Exploits: 0 | References: 5
CVE
added 2026/02/11 10:58 p.m., 13 views

CVE-2026-20627

Affected platforms: watchOS 26.3; macOS Tahoe 26.3; macOS Sonoma 14.8.4; visionOS 26.3; iOS 26.3; iPadOS 26.3. Issue: improper handling of environment variables, with root cause described as improved validation. Impact: an app may access sensitive user data due to this handling. Status: fixed in the...

5.5 CVSS | 5.8 AI score | 0.0003 EPSS
Exploits: 0 | References: 5 | Affected Software: 5
CNNVD
added 2026/02/11 12:00 a.m., 3 views

QNAP Systems QTS and QNAP Systems QuTS hero security vulnerability

QNAP Systems QTS and QNAP Systems QuTS Hero are both software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. There were security vulnerabilities in versions of QNAP Systems QTS 5.2.8.3332 and QNAP Systems QuTS Hero h5.2.8.3321. The...

5.1 CVSS | 5.8 AI score | 0.00147 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/02/11 12:00 a.m., 3 views

Security vulnerability in multiple Apple products

Apple watchOS is a smartwatch operating system. Apple macOS is a dedicated operating system developed for Mac computers. Apple visionOS is an operating system for AR glasses. An information disclosure vulnerability exists in multiple Apple products and is caused by an issue with the handling ...

5.5 CVSS | 5.8 AI score | 0.0003 EPSS
Exploits: 0 | References: 6