42 matches found

Tenable Nessus
added 2026/05/22 12:0 a.m. · 5 views

Unity Linux 20.1060e / 20.1070e Security Update: wildfly-security-manager (UTSA-2026-016673)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016673 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

CVSS 5.9 · AI score 7 · EPSS 0.74016
Exploits 20 · References 4

RedhatCVE
added 2026/03/26 3:2 p.m. · 5 views

CVE-2026-32621

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...

CVSS 9.9 · AI score 5.9 · EPSS 0.00043
Exploits 0 · References 1

Vulnrichment
added 2026/03/13 8:29 p.m. · 2 views

CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization

Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...

CVSS 9.9 · AI score 5.9 · EPSS 0.00043
Exploits 0 · References 1

OSV
added 2026/02/24 5:29 p.m. · 1 views

AZL-78374 CVE-2026-27571 affecting package telegraf 1.31.0-12

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS...

CVSS 7.5 · AI score 5.8 · EPSS 0.00033
Exploits 0 · References 1

OSV
added 2026/02/24 4:4 p.m. · 3 views

GHSA-QRVQ-68C2-7GRW nats-server websockets are vulnerable to pre-auth memory DoS

Impact: The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. The implementation bound the memory size of a NATS message but did not independently bound the memory consumption of the memory stream when constructing a NATS message which migh...

CVSS 5.9 · AI score 5.8 · EPSS 0.0012
Exploits 0 · References 7

AlpineLinux
added 2026/02/24 3:59 p.m. · 4 views

CVE-2026-27571

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS...

CVSS 7.5 · AI score 5.8 · EPSS 0.00033
Exploits 0 · References 4

CNNVD
added 2026/02/07 12:0 a.m. · 3 views

Raimersoft TapinRadio security vulnerability

Raimersoft TapinRadio is a web radio software developed by Raimersoft Corporation. The version 2.12.3 of Raimersoft TapinRadio contains a security vulnerability. This vulnerability stems from a buffer overflow in the proxy address configuration field, which could lead to a denial-of-service attac...

CVSS 6.7 · AI score 6.1 · EPSS 0.00006
Exploits 1 · References 3

CNNVD
added 2026/02/07 12:0 a.m. · 4 views

Raimersoft TapinRadio security vulnerability

Raimersoft TapinRadio is a web radio software developed by Raimersoft Corporation. The version 2.12.3 of Raimersoft TapinRadio contains a security vulnerability. This vulnerability stems from a buffer overflow in the proxy username configuration field, which could lead to a denial-of-service atta...

CVSS 6.7 · AI score 6.1 · EPSS 0.00006
Exploits 1 · References 3

Vulnrichment
added 2026/02/06 11:14 p.m. · 1 views

CVE-2020-37171 TapinRadio 2.12.3 - 'username' Denial of Service

TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an application crash and prevent normal...

CVSS 6.7 · AI score 5.8 · EPSS 0.00006
Exploits 1 · References 3

Positive Technologies
added 2026/01/01 12:0 a.m. · 6 views

PT-2026-21766

Name of the Vulnerable Software and Affected Versions: NATS-Server versions prior to 2.11.2; NATS-Server versions prior to 2.12.3. Description: NATS-Server, a high-performance messaging system, has an issue in its WebSocket implementation. The server handles compressed messages via WebSocket negotiat...

CVSS 9.9 · AI score 5.9 · EPSS 0.00733
Exploits 44 · References 127

OSV
added 2025/11/02 12:0 a.m. · 1 views

OPENSUSE-SU-2025:15697-1 kumactl-2.12.3-1.1 on GA media

These are all security issues fixed in the kumactl-2.12.3-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.8 · AI score 7.1 · EPSS 0.00043
Exploits 1 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-10980

Malware in sbrugna...

CVSS 7.8 · AI score 7.6 · EPSS 0.00614
Exploits 1 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-10974

Malware in sbrugna...

CVSS 7.8 · AI score 7.5 · EPSS 0.0066
Exploits 1 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2019-10976

Malware in sbrugna...

CVSS 7.8 · AI score 7.6 · EPSS 0.0066
Exploits 0 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-10975

Malware in sbrugna...

CVSS 9.8 · AI score 9.3 · EPSS 0.03698
Exploits 1 · References 5

CNNVD
added 2025/08/19 12:0 a.m. · 6 views

Nginx Proxy Manager security vulnerability

Nginx Proxy Manager is a Docker container for Nginx Proxy Manager open source. It is used to manage Nginx proxy hosts through a simple and powerful interface. A security vulnerability exists in Nginx Proxy Manager version v2.12.3, which stems from an improperly configured CORS and could lead to a...

CVSS 5.3 · AI score 6.7 · EPSS 0.00071
Exploits 0 · References 3

Cvelist
added 2025/08/19 12:0 a.m. · 9 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

EPSS 0.00071
Exploits 0 · References 2

Vulnrichment
added 2025/08/19 12:0 a.m. · 8 views

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a...

AI score 7 · EPSS 0.00071
Exploits 0 · References 2

Positive Technologies
added 2025/08/19 12:0 a.m. · 6 views

PT-2025-33735 · Unknown · Nginx Proxy Manager

Name of the Vulnerable Software and Affected Versions: Nginx Proxy Manager version 2.12.3. Description: A Cross-Origin Resource Sharing (CORS) misconfiguration allows unauthorized domains to access sensitive data, specifically JSON Web Tokens (JWT), due to improper validation of the Origin header. Thi...

CVSS 5.3 · AI score 7.2 · EPSS 0.00071
Exploits 0 · References 7

OSV
added 2025/07/31 9:32 a.m. · 0 views

GHSA-72WW-4RCW-MC62 Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability in the Image Plugin

A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.3 or later...

CVSS 6.9 · AI score 6 · EPSS 0.01106
Exploits 0 · References 4