3 matches found
EUVD-2026-19484
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft...
CVE-2026-27571
NATS-Server WebSockets handling is vulnerable to a pre-auth memory DoS via a compression bomb. Prior to v2.11.2 and v2.12.3, memory bounds for a NATS message were not independently applied to the memory stream, allowing excessive memory consumption and potential OS termination. The issue is explo...
PT-2025-43691
Name of the Vulnerable Software and Affected Versions Rancher Manager versions prior to 2.12.3 Description A security issue exists in Rancher Manager that allows exposure of sensitive information, including secret data, cluster import URLs, and registration tokens, to anyone with access to Ranche...