CVE-2026-12206 Grit42 Grit data_table_entity.rb DataTableEntity sql injection

A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/datatableentity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...

EUVD-2026-36541

Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted sequence of HTTP/2...

CLEANSTART-2026-OH43332 Security fixes for CVE-2022-29526, CVE-2025-47907, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68121, CVE-2026-24515, CVE-2026-25210, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-4f99-4q7p-p3gh applied in versions: 0.10-r0, 0.10-r1, 0.10-r2, 0.10-r3, 0.10-r4, 0.10-r5, 0.11-r0

Multiple security vulnerabilities affect the druid-exporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2025-56526

CVE-2025-56526 concerns Kotaemon 0.11.0 and is described as a cross-site scripting (XSS) vulnerability. The issue allows an attacker to execute arbitrary code through a crafted PDF rendered by Kotaemon. The published descriptor includes a CVSS 3.1 base score of 6.1 (Medium) with network attack ve...

CVE-2025-59425 vLLM vulnerable to timing attack at bearer auth

vLLM is an inference and serving engine for large language models LLMs. Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...

EUVD-2025-32853

vLLM is an inference and serving engine for large language models LLMs. Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...

SUSE CVE-2025-53549

The Matrix Rust SDK is a collection of libraries that make it easier to build Matrix clients in Rust. An SQL injection vulnerability in the EventCache::findeventwithrelations method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in Matrix clients that...

Matrix Rust SDK SQL注入漏洞

Matrix Rust SDK is an open source Rust-based Matrix client server development toolkit from The Matrix.org Foundation. A SQL injection vulnerability exists in Matrix Rust SDK versions 0.11 and 0.12, which stems from SQL injection in the EventCache::findeventwithrelations method, and could lead to...

Notepad Next 缓冲区错误漏洞

Notepad Next is a notepad program by dail8859 individual developer. A buffer error vulnerability exists in Notepad Next v0.11 and earlier versions, which stems from an out-of-bounds read in the lparser.C file, which may result in an over-read of the heap buffer...

CVE-2024-42475 OAuth library for nim allows insecure generation of state values by generateState - entropy too low and uses regular PRNG instead of CSPRNG

In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected...

Jenkins Plugin Pipeline restFul 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

CVE-2022-1907

Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11...

Prosodical Thoughts Prosody 竞争条件问题漏洞

Prosodical Thoughts Prosody is a Prosodical Thoughts open source application . A modern XMPP communication server. A security vulnerability exists in Prosody prior to version 0.11.9. A remote attacker could exploit the vulnerability to obtain sensitive information...

thrift: Endless loop when feed with specific input data

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...