17 matches found
CVE-2026-26190
Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath...
EUVD-2024-28156
Malicious code in bioql PyPI...
EUVD-2023-0404
Malicious code in bioql PyPI...
CVE-2023-22795 affecting package ruby 2.6.10-1
CVE-2023-22795 affecting package ruby 2.6.10-1. This CVE either no longer is or was never applicable...
CVE-2024-28882
OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...
WordPress Loco Translate Plugin <= 2.6.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Loco Translate; Type: Plugin; Vulnerable versions: <= 2.6.9; Fixed in: 2.6.10; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-37236; Patch priority: Low; CVSS severity: Low (4.3); PSID: f02123bf72f2; Credits: Nosa Shandy; Required...
CVE-2024-25116 Specially crafted CF.RESERVE command can lead to denial-of-service
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the CF.RESERVE command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7...
PT-2023-26814 · Crocoblock · Crocoblock Jetelements For Elementor
Name of the Vulnerable Software and Affected Versions: Crocoblock JetElements For Elementor versions 2.6.10 and earlier Description: The issue is related to an Improper Control of Generation of Code 'Code Injection' vulnerability. This allows for code injection, which can be exploited by attacker...
GHSA-FPRR-RRM8-4534 Apache Dubbo vulnerable to remote code execution via Telnet Handler
Apache Dubbo is a Java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-authorization remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic...
Apache Dubbo vulnerable to remote code execution via Telnet Handler
Apache Dubbo is a Java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-authorization remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic...
PT-2022-17580 · Vuetify · Vuetify
Name of the Vulnerable Software and Affected Versions: vuetify versions 2.0.0-beta.4 through 2.6.10 Description: The issue is related to Cross-site Scripting (XSS) due to improper input sanitization in the eventName function within the VCalendar component. This allows for potential malicious script...
PT-2021-19956 · Apache · Apache Dubbo
Name of the Vulnerable Software and Affected Versions: Apache Dubbo versions prior to 2.6.10 and 2.7.10 Description: Apache Dubbo is a Java-based, open-source RPC framework. The issue concerns pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main...
SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2017:1400-1)
This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.10 - OpenJDK 7u141 (bsc#1034849) - Security fixes - S8163520, CVE-2017-3509: Reuse cache entries - S8163528, CVE-2017-3511: Better library loading - S8165626, CVE-2017-3512: Improved window framing - S8167110, CVE-2017-351...
Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability
Postfix SMTP server is prone to a memory corruption vulnerability.
security flaw
Signedness error in the copy_from_read_buf function in n_tty.c for Linux kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a negative argument...
Linux Kernel <= 2.6.10 Local Denial of Service Exploit
Exploit for linux platform in category dos / poc
PT-2005-1583 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.10 through 2.6.11rc1 Description: A signedness error in the copy_from_read_buf function in n_tty.c allows local users to read kernel memory via a negative argument. Recommendations: For Linux kernel versions 2.6.10...