Lucene search

48 matches found

EUVD
added 2026/05/21 8:14 a.m. | 5 views

EUVD-2026-31243

A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective bounds protection, which may allow a remote authenticated attacker to obtain limited information via crafted Spotlight RPC requests...

3.1 CVSS | 5.9 AI score | 0.00043 EPSS
Exploits 0 | References 1
CNNVD
added 2026/05/21 12:0 a.m. | 6 views

Netatalk Security Vulnerability

Netatalk is an open-source software developed by Netatalk Inc., which provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.0.0 to 4.4.2 of Netatalk contain security vulnerabilities. These vulnerabilities stem from dead-end checks in the...

3.1 CVSS | 5.9 AI score | 0.00043 EPSS
Exploits 0 | References 2
CNNVD
added 2026/05/21 12:0 a.m. | 6 views

Netatalk Numeric Error Vulnerability

Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.0.0 to 4.4.2 of Netatalk contain a numerical error vulnerability. This vulnerability stems from an integer underflow in the...

3.9 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits 0 | References 2
vulnersOsv
added 2026/05/12 3:23 p.m. | 5 views

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +15 more potentially affected by CVE-2026-2614 via mlflow-skinny (>=3.0.0 <=3.0.1)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =3.0.0, =0.1.0, =0.1.4 and more Source cves: CVE-2026-2614 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16643511...

7.5 CVSS | 7 AI score | 0.0005 EPSS
Exploits 1
CNNVD
added 2026/05/12 12:0 a.m. | 6 views

Modsecurity Numeric Error Vulnerability

Modsecurity is an open-source web traffic security processing library developed by OWASP ModSecurity. Versions of Modsecurity from 3.0.0 to 3.0.15 contained a numerical error vulnerability. This vulnerability stemmed from an unsigned integer underflow, which led to unhandled exceptions and could...

8.2 CVSS | 5.8 AI score | 0.00052 EPSS
Exploits 1 | References 1
CNNVD
added 2026/05/08 12:0 a.m. | 6 views

Nuclei Access Control Error Vulnerability

Nuclei is a fast-customizable vulnerability scanner based on simple YAML, open-sourced by ProjectDiscovery. In versions 3.0.0 to 3.8.0 of Nuclei, there was an access control vulnerability. This vulnerability stemmed from the JavaScript protocol’s runtime feature, which allowed reading of local.js...

5.5 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits 0 | References 1
vulnersOsv
added 2026/05/04 4:29 p.m. | 4 views

@aiconnect/codelets-runner (>=0.1.0 <=0.2.0), @cairncms/api (>=1.0.0-beta.1 <=1.0.0-beta.4) +21 more potentially affected by CVE-2026-24118 via vm2 (>=3.0.0 <=3.10.5)

vm2 NPM version =3.0.0, =0.1.0, =1.0.0-beta.1, =3.0.46, =0.1.0, =1.1.15, =1.27.8, =1.0.0-beta.1, =1.1.0, =0.2.0, =0.1.64, =0.1.61, =1.66.16, =1.66.16, =1.72.1 and more Source cves: CVE-2026-24118 Source advisory: SNYK:JS-VM2-16419418...

9.8 CVSS | 5.8 AI score | 0.00176 EPSS
Exploits 1
EUVD
added 2026/04/21 5:24 p.m. | 2 views

EUVD-2026-24027

Neko has a Self-service Privilege Escalation for Authenticated Users...

8.8 CVSS | 5.7 AI score | 0.00051 EPSS
Exploits 0 | References 6
CNNVD
added 2026/04/21 12:0 a.m. | 5 views

n.eko Input Validation Error Vulnerability

n.eko is a self-hosted virtual browser developed by Miroslav Šedivý, using Docker and WebRTC. Versions 3.0.0 to 3.0.10, as well as 3.1.0 to 3.1.1, have vulnerabilities related to input validation. These vulnerabilities allow any authenticated user to instantly gain complete control over the entir...

8.8 CVSS | 5.8 AI score | 0.00051 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/04/08 12:0 a.m. | 3 views

PT-2026-31545

Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository versions 3.0.0 through 3.90.2. Description: A reflected cross-site scripting issue exists that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted UR...

5.1 CVSS | 6.1 AI score | 0.00359 EPSS
Exploits 0 | References 6
EUVD
added 2026/04/01 6:36 p.m. | 2 views

EUVD-2024-55519

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests...

9.8 CVSS | 6.2 AI score | 0.01216 EPSS
Exploits 0 | References 3
NVD
added 2026/04/01 5:16 p.m. | 3 views

CVE-2024-40489

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests...

9.8 CVSS | 0.01216 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2026/03/31 2:53 p.m. | 1 view

CVE-2026-4818

In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams...

6.8 CVSS | 5.9 AI score | 0.00044 EPSS
Exploits 0 | References 3 | Affected Software 1
RedhatCVE
added 2026/03/26 3:2 p.m. | 3 views

CVE-2026-32693

In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret...

8.8 CVSS | 5.8 AI score | 0.00081 EPSS
Exploits 1 | References 1
vulnersOsv
added 2026/03/17 12:30 p.m. | 4 views

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plugin (=1.5.0) +28 more potentially affected by CVE-2026-26929 via apache-airflow (>=3.0.0 <=3.1.7rc2)

apache-airflow PYPI version =3.0.0, =0.7.0, =0.6.1, =1.10.7, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =0.0.4, =2.0.2, =2.3.0rc1 and more Source cves: CVE-2026-26929 Source advisory: OSV:GHSA-4M3H-WP5W-5HQH...

6.5 CVSS | 5.8 AI score | 0.00054 EPSS
Exploits 0
vulnersOsv
added 2026/03/17 11:16 a.m. | 7 views

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plugin (=1.5.0) +28 more potentially affected by CVE-2026-28563 via apache-airflow (>=3.0.0 <=3.1.7rc2)

apache-airflow PYPI version =3.0.0, =0.7.0, =0.6.1, =1.10.7, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =0.0.4, =2.0.2, =2.3.0rc1 and more Source cves: CVE-2026-28563 Source advisory: OSV:PYSEC-2026-15...

4.3 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits 0
vulnersOsv
added 2026/02/26 10:42 p.m. | 6 views

@akash-aw/aw-wizard-forms (=4.14.0), @alfresco/aca-generators (>=1.0.0 <=1.0.1) +134 more potentially affected by CVE-2026-27959 via koa (>=3.0.0 <=3.1.1)

koa NPM version =3.0.0, =1.0.0, =1.0.0, =0.44.0, =0.0.0-nightly-20260213031600, =0.0.0-nightly-20260317031259, =0.0.0-nightly-20260317031259, =0.0.0-nightly-20260213031600, =2025.12.1, =2.23.0, =0.0.1, =0.20.0, =0.0.5, =2026.1.2, =2.0.0, =2.0.1 and more Source cves: CVE-2026-27959 Source advisory...

7.5 CVSS | 7.2 AI score | 0.00125 EPSS
Exploits 1
IBM Security Bulletins
added 2026/02/26 12:31 p.m. | 5 views

Security Bulletin: IBM DevOps Plan is vulnerable to Excessive Authentication Attempts (CVE-2025-36363)

Summary: IBM DevOps Plan is vulnerable to brute force attack due to improper restriction of excessive authentication attempts. Vulnerability Details: CVEID: CVE-2025-36363. DESCRIPTION: IBM DevOps Plan uses an inadequate account lockout setting that could allow a remote attacker to brute force accoun...

7.5 CVSS | 5.5 AI score | 0.00058 EPSS
Exploits 0 | Affected Software 1
Positive Technologies
added 2026/02/17 12:0 a.m. | 2 views

PT-2026-20269

Name of the Vulnerable Software and Affected Versions: Liderahenk versions 3.0.0 through 3.3.1. Description: A missing authentication check for a critical function in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows for Remote Code Inclusion. The issue impacts the software’s...

6.1 CVSS | 6.1 AI score | 0.00078 EPSS
Exploits 0 | References 3
CNNVD
added 2026/02/12 12:0 a.m. | 3 views

Scraparr Information Disclosure Vulnerability

Scraparr is a Prometheus exporter for arr suites Sonarr, Radarr, Lidarr, etc. developed by TheCfU organization. Versions of Scraparr from 3.0.0-beta to 3.0.2 contained an information leakage vulnerability. This vulnerability occurred when the Readarr integration was enabled, as the exporter expos...

9.1 CVSS | 5.8 AI score | 0.00046 EPSS
Exploits 0 | References 3