CVE-2026-7474

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

CVE-2026-7474

CVE-2026-7474 affects HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 through a path traversal vulnerability on the client host that can lead to code execution. The issue is fixed in Nomad 2.0.1, 1.11.5, and 1.10.11. Affected component is the client-side handling of dynamic host volumes, with...

CLEANSTART-2026-OM95908 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-1229, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-6v2p-p543-phr9, ghsa-c6gw-w398-hv78, ghsa-fv92-fjc5-jj9h, ghsa-hcg3-q754-cr77, ghsa-jc7w-c686-c4v9, ghsa-mh63-6h87-95cp, ghsa-p77j-4mvh-x3m3, ghsa-qxp5-gwg8-xv66, ghsa-r92c-9c7f-3pj8, ghsa-vvgc-356p-c3xw, ghsa-wjrx-6529-hcj3 applied in versions: 1.10.7-r0, 1.10.7-r1, 1.11.4-r0, 1.11.5-r0, 1.11.5-r1, 1.11.5-r2, 1.9.4-r0

Multiple security vulnerabilities affect the opentofu-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

Fedora 43 : opentofu (2026-49b5d5c5e6)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-49b5d5c5e6 advisory. Update to 1.11.5 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the SpecificCompiler class, when handling untrusted Avro schemas. An attacker can execute code by supplying a malicious schema with commands injected in doc comment values, which can be executed during...

CVE-2025-33042

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

OPENSUSE-SU-2026:10179-1 python311-maturin-1.11.5-1.1 on GA media

These are all security issues fixed in the python311-maturin-1.11.5-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-23892 OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...

CVE-2026-23892 OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...

EUVD-2026-4775

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the firs...

CVE-2026-23892

OctoPrint (web interface for controlling consumer 3D printers) is affected in versions up to and including 1.11.5 by a timing side‑channel vulnerability in API key authentication. The root cause is a character‑by‑character comparison that short‑circuits on the first mismatched character, rather t...

OctoPrint has Timing Side-Channel Vulnerability in API Key Authentication

Impact OctoPrint versions up to and including 1.11.5 are affected by a theoretical timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the first mismatched character during API key validation, rather than a...

OctoPrint security vulnerabilities

OctoPrint is an open-source application developed by OctoPrint. It provides a quick web interface for controlling consumer-grade 3D printers. Versions of OctoPrint prior to 1.11.5 have security vulnerabilities. These vulnerabilities stem from the use of character-based comparisons in API key...

PT-2026-5007

Name of the Vulnerable Software and Affected Versions OctoPrint versions up to and including 1.11.5 Description OctoPrint, a web interface for controlling 3D printers, is affected by a timing attack that could allow an attacker with network access to extract API keys. The issue stems from the use...

EUVD-2018-14345

Malware in sbrugna...

Sparklabs Viscosity 安全漏洞

Sparklabs Viscosity is an OpenVPN client from Sparklabs Australia. A security vulnerability exists in SparkLabs Viscosity versions prior to 1.11.5, which stems from the possibility of exploiting the Launch Agent to load dynamic libraries to gain limited access to resources...

Ingress-NGINX controller < 1.11.5 / 1.12 < 1.12.1 Multiple Vulnerabilities

The version of Ingres-NGINX controller installed on the remote host is prior to 1.11.5/1.12.1. It is, therefore, affected by multiple vulnerabilities as referenced as Ingress Nightmare. - A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker wit...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation through the mirror-target and mirror-host annotations. Remediation Upgrade k8s.io/ingress-nginx/rootfs/etc/nginx/template to version 1.11.5, 1.12.1, 4.11.5, 4.12.1 or higher. References - GitHub Commit - GitHub...

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the Validating Admission Controller feature. An attacker with access to the pod network can execute code, which allows them to access stored secrets. By default, the controller can access al...

PT-2025-12714 · Unknown +1 · Ingress-Nginx +1

Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to v1.11.5 ingress-nginx versions from v1.12.0-beta.0 through v1.12.1 Description: A security issue was discovered in ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject...