205 matches found
CVE-2026-41699
Summary (CVE-2026-41699): Spring for GraphQL applications are vulnerable to unsafe deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that may lead to Remote Code Execution if the application exposes a paginated (Connection) field and the...
PT-2026-47712
Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. AI-generated response content was rendered in the browser without proper sanitization, allowing malicious scripts to be executed when the content was viewed. Users are...
CVE-2026-9844 Vulnerability in navify® Digital Pathology
Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology RabbitMQ Management interface modules allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1...
CVE-2026-9844
The vulnerability CVE-2026-9844 affects Roche Diagnostics navify Digital Pathology, specifically the RabbitMQ Management interface modules, where default credentials are used. Affected versions are navify Digital Pathology 2.0.0 up to (but not including) 2.4.1. The problem is the use of default u...
CVE-2026-10284 DevaslanPHP project-management Livewire ViewTicket.php doDeleteComment improper authorization
A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to...
Hackney security vulnerability
Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions from 2.0.0-beta.1 up to, but not including, 4.0.1. It stems from the Alt-Svc response header parser's inability to guarantee forward progress, potentially leading to infinite loops and CPU exhaustion...
CVE-2026-44050
A heap-based buffer overflow in the CNID daemon commrcv function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service...
CVE-2026-7836
CVE-2026-7836 affects Netatalk 2.0.0–4.4.2. The vulnerability is caused by an incorrect calculation in the hextoint macro due to improper uppercase character handling. This can allow a remote authenticated attacker to cause limited data modification via crafted hexadecimal input. A fix is availab...
CVE-2026-44070
Summary: CVE-2026-44070 affects Netatalk 2.0.0 through 4.4.2, with an unbounded memory reallocation in the charset conversion code. The issue can allow a remote authenticated attacker to cause a minor denial of service, as described by CVE records. Root cause: unbounded realloc in charset convers...
PT-2026-42426
Name of the Vulnerable Software and Affected Versions: Netatalk versions 2.0.0 through 4.4.2. Description: An unbounded memory reallocation in the charset conversion code allows a remote authenticated attacker to cause a minor denial of service via crafted character conversion requests...
Netatalk security vulnerability
Netatalk is open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.0.0 to 4.4.2 of Netatalk have security vulnerabilities. These vulnerabilities stem from improper handling of uppercase...
@aidps/canvas-flow (>=1.0.0 <=1.0.1), @antv/xflow (>=2.0.1 <=2.2.4) +116 more potentially affected by unknown CVE via @antv/x6-plugin-selection (>=2.0.0 <=2.2.2)
@antv/x6-plugin-selection NPM version =2.0.0, =1.0.0, =2.0.1, =0.0.1, =0.0.2, =1.0.0-beta.46, =0.0.4, =0.7.0, =0.0.3, =2.0.4, =0.0.27, =3.0.0, =4.0.0-600 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVX6PLUGINSELECTION-16754927...
1byte-react-design (>=1.7.1 <=1.14.0), @aaf-comp/graph-widget (>=1.0.0 <=1.0.3) +246 more potentially affected by unknown CVE via @antv/g-plugin-dragndrop (>=2.0.0 <=2.1.1)
@antv/g-plugin-dragndrop NPM version =2.0.0, =1.7.1, =1.0.0, =1.1.43, =5.0.48, =1.0.1, =2.0.0, =2.0.0, =1.0.0, =2.0.0, =3.0.3, =3.0.0, =0.5.6, =1.0.0, =1.0.0, =1.0.0, =1.1.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGINDRAGNDROP-16754940...
@antv/g-mobile-webgl (>=1.0.0 <=1.1.1), @antv/g-plugin-3d (>=2.0.0 <=2.1.1) +6 more potentially affected by unknown CVE via @antv/g-plugin-device-renderer (>=2.0.0 <=2.6.1)
@antv/g-plugin-device-renderer NPM version =2.0.0, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.2.0, =0.1.0, =1.0.2, =1.0.8 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGINDEVICERENDERER-16755101...
@antv/g-mobile-canvas (>=1.0.0 <=1.1.1), @antv/g-mobile-svg (>=1.0.0 <=1.1.1) +1 more potentially affected by unknown CVE via @antv/g-plugin-gesture (>=2.0.0 <=2.1.1)
@antv/g-plugin-gesture NPM version =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.1 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGPLUGINGESTURE-16754438...
@antv/ava (=3.6.0-alpha.0), @antv/g (>=6.0.0 <=6.2.1) +6 more potentially affected by unknown CVE via @antv/g-camera-api (>=2.0.0 <=2.0.9)
@antv/g-camera-api NPM version =2.0.0, =6.0.0, =0.5.9, =2.0.0, =1.2.5, =1.2.6 - expression-language-editor =0.0.4 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGCAMERAAPI-16754994...
@agentscope-ai/chat (>=1.1.43 <=1.1.66), @ant-design/charts (>=2.2.2 <=2.6.7) +72 more potentially affected by unknown CVE via @antv/g-svg (>=2.0.0 <=2.1.1)
@antv/g-svg NPM version =2.0.0, =1.1.43, =2.2.2, =2.0.0, =1.0.0, =1.1.0, =2.0.0, =2.0.0, =0.1.6, =0.1.0, =0.1.0, =1.2.0, =2.0.28, =0.0.18, =0.0.23 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGSVG-16755118...
@antv/g-web-components (>=2.0.0 <=2.1.1), @antv/g6-extension-3d (>=0.1.0 <=0.1.23) +1 more potentially affected by unknown CVE via @antv/g-webgl (>=2.0.0 <=2.1.1)
@antv/g-webgl NPM version =2.0.0, =2.0.0, =0.1.0, =1.0.2, =1.0.8 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGWEBGL-16754845...
org.apache.flink:flink-examples-table_2.12 (>=2.0.0 <=2.0.1) potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-planner_2.12 (>=2.0.0 <=2.0.1)
org.apache.flink:flink-table-planner_2.12 MAVEN version =2.0.0, =2.0.0, =2.0.1 Source cves: CVE-2026-35194 Source advisory: SNYK:JAVA-ORGAPACHEFLINK-16799799...