20 matches found
CVE-2026-6657
A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the allow_origin_pat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...
EUVD-2025-206910
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by torch
Summary: Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by torch. Vulnerability Details: CVEID: CVE-2025-2953. DESCRIPTION: A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d...
CVE-2025-12083
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting (XSS). This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.11-pip python3.11-pip-wheel urllib3
Summary: Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.11-pip python3.11-pip-wheel urllib3. Vulnerability Details: CVEID: CVE-2025-50182. DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version...
Slackware Linux 15.0 / current tigervnc Multiple Vulnerabilities (SSA:2025-302-02)
The version of tigervnc installed on the remote host is prior to 1.12.0 / 1.15.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-302-02 advisory. New tigervnc packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted...
Unity Linux 20.1070e Security Update: flatpak (UTSA-2025-680655)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680655 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct...
CVE-2025-58156 Centurion ERP users can view hashed authentication tokens that belong to other users
Centurion ERP is an ERP with a focus on ITSM and automation. In versions starting from 1.12.0 to before 1.21.0, an authenticated user can view all authentication token details within the database. This includes the actual token, although only the hashed token. This does not include any un-hashed...
PT-2025-5572 · Snowflake · Snowflake-Connector-Nodejs
Name of the Vulnerable Software and Affected Versions: snowflake-connector-nodejs versions 1.12.0 through 2.0.1 Description: The issue concerns a vulnerability in the Snowflake NodeJS Driver where file permissions checks of the temporary credential cache could be bypassed by an attacker with writ...
acia (>=0.3.0 <=0.3.2), aocs-lab (>=0.0.7 <=0.0.15) +223 more potentially affected by CVE-2024-30896 via influxdb-client (>=1.12.0 <=1.7.0)
influxdb-client PYPI version =1.12.0, =0.3.0, =0.0.7, =1.0.0, =0.1.0, =1.0.8, =0.0.1, =0.1.6, =0.1.0a1, =1.0.37, =0.1.0, =0.5.0, =0.12.0, =1.6.0, =20.0.0, =0.1.0, =1.15.2 and more Source cves: CVE-2024-30896 Source advisory: SNYK:PYTHON-INFLUXDBCLIENT-8422793...
Aardvark-dns Resource Management Error Vulnerability
Aardvark-dns is a DNS server from Containers open source. Aardvark-dns versions 1.12.0 and 1.12.1 have a resource management error vulnerability that stems from serial processing of TCP DNS queries, which can lead to a denial of service by Containers...
merakidatafetcher (>=1.0.0 <=1.1.5), merakifirewalledservices (=0.1.3) +3 more potentially affected by CVE-2023-49081 via meraki (>=1.12.0 <=1.38.0)
meraki PYPI version =1.12.0, =1.0.0, =0.0.2, =0.0.1, =3.3.0, =4.3.11 Source cves: CVE-2023-49081 Source advisory: OSV:GHSA-6X4H-9622-FQR6...
org.apache.nifi:nifi-hadoop-dbcp-service-nar (>=1.12.0 <=1.22.0) potentially affected by CVE-2023-36542 via org.apache.nifi:nifi-hadoop-dbcp-service (>=1.12.0 <=1.22.0)
org.apache.nifi:nifi-hadoop-dbcp-service MAVEN version =1.12.0, =1.12.0, =1.22.0 Source cves: CVE-2023-36542 Source advisory: OSV:GHSA-R969-8V3H-23V9...
SUSE CVE-2018-11782
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server...
Istio Authorization Issue Vulnerability
Istio is an open platform for connecting, managing, and securing microservices. Istio is vulnerable to an authorization issue in versions 1.12.0 and 1.12.1, which stems from a lack of authentication measures or insufficient authentication strength in a networked system or product. An attacker cou...
PT-2021-7728 · Hdf5 +3 · Hdf5 +3
Name of the Vulnerable Software and Affected Versions: HDF5 versions 1.12.0 through 1.13.0 Description: The issue is related to a buffer overflow in the h5tools_str_sprint function, located in /hdf5/tools/lib/h5tools_str.c, which can cause a denial of service. This can be exploited by a remote...
PT-2019-12209 · Kubernetes +1 · Kubernetes +1
Name of the Vulnerable Software and Affected Versions: Kubernetes versions 1.12.0 through 1.12.4 Kubernetes version 1.13.0 Description: The issue concerns the rest.AnonymousClientConfig method, which is supposed to return a copy of the provided config with credentials removed. However, in the...
PT-2018-9226 · Artifex +1 · Mupdf +1
Name of the Vulnerable Software and Affected Versions: Artifex MuPDF versions 1.12.0 and earlier Description: A stack buffer overflow in the pdf_lookup_cmap_full function in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. This issue affects the MuPDF library,...
Wireshark Memory Leak Vulnerability
Wireshark is the most popular network protocol parser. A memory leak vulnerability exists in the packet reassembly code in Wireshark versions 1.12.0-1.12.4. An attacker can exploit this vulnerability to exhaust CPU resources and initiate a denial of service...
Wireshark Websocket Parser Remote Denial of Service Vulnerability (CNVD-2015-03170)
Wireshark is the most popular network protocol parser. A remote denial of service vulnerability exists in the Websocket parser in Wireshark versions 1.12.0-1.12.4. An attacker exploiting this vulnerability could exhaust CPU resources and cause a denial of service...