Lucene search

79 matches found

vulnersOsv
added 2026/05/26 11:38 p.m. | 3 views

@fedify/botkit (>=0.4.0-dev.184 <=0.5.0-dev.198), @fedify/botkit-sqlite (>=0.4.0-dev.184 <=0.5.0-dev.198) +1 more potentially affected by CVE-2026-42462 via @fedify/fedify (>=2.1.0 <=2.1.13)

@fedify/fedify NPM version =2.1.0, =0.4.0-dev.184, =0.4.0-dev.184, =2.1.0, =2.1.13 Source cves: CVE-2026-42462 Source advisory: OSV:GHSA-9RFG-V8G9-9367...

CVSS 7 | AI score 5.4 | EPSS 0.00038
Exploits: 0
CVE
added 2026/05/21 7:34 a.m. | 14 views

CVE-2026-44067

Summary: CVE-2026-44067 affects Netatalk 2.1.0 through 4.4.2, where an EA (extended attribute) header parsing heap over-read can allow a remote, network-accessible attacker to cause information disclosure or a minor service disruption. The issue is fixed in Netatalk 4.5.0. Affected component/vers...

CVSS 4.2 | AI score 5.8 | EPSS 0.00125
Exploits: 0 | References: 1
CVE
added 2026/05/21 7:34 a.m. | 12 views

CVE-2026-44052

CVE-2026-44052 affects Netatalk versions 2.1.0 through 4.4.2, where ldap simple-bind passwords are exposed in log output. The underlying issue is log exposure of LDAP credentials, enabling an attacker with log access to obtain credentials. The vulnerability is fixed in Netatalk 4.4.3. As per the ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00041
Exploits: 0 | References: 1
vulnersOsv
added 2026/05/15 6:30 p.m. | 2 views

com.datasqrl:sqrl-discovery (>=0.9.0-alpha1 <=0.9.0-alpha2), com.datasqrl:sqrl-planner (>=0.9.0-alpha1 <=0.9.0-alpha2) +2 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-planner_2.12 (>=2.1.0 <=2.1.1)

org.apache.flink:flink-table-planner_2.12 MAVEN version =2.1.0, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =2.1.0, =2.1.1 Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...

CVSS 8.1 | AI score 5.4 | EPSS 0.00067
Exploits: 0
Debian CVE
added 2026/05/14 4:15 p.m. | 7 views

CVE-2026-44312

css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...

CVSS 5.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0
Vulnrichment
added 2026/05/14 4:15 p.m. | 5 views

CVE-2026-44312 css_parser allows to MITM included https css urls

css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...

CVSS 5.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 4
CNNVD
added 2026/05/14 12:0 a.m. | 7 views

Ruby CSS Parser trust management vulnerability

Ruby CSS Parser is an open-source tool developed by premailer, used for loading, parsing, and cascading CSS rule sets. Versions of Ruby CSS Parser prior to 2.1.0 and 1.22.0 had a trust management vulnerability. This vulnerability stemmed from unvalidated HTTPS connections, where connections were...

CVSS 5.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 1
vulnersOsv
added 2026/05/10 12:33 a.m. | 3 views

5dee (=0.1.0), a5py (=0.1.1) +457 more potentially affected by CVE-2026-8212 via gdal (>=2.1.0 <=3.13.0)

gdal PYPI version =2.1.0, =0.0.1, =0.9.0, =0.6.1, =0.1.2, =1.0.1, =0.0.6, =1.0.0, =1.9.3, =0.2.0, =1.6.2, =0.0.1, =0.0.5 and more Source cves: CVE-2026-8212 Source advisory: OSV:GHSA-R5M4-5VWW-W9F5...

CVSS 5.5 | AI score 5.8 | EPSS 0.00026
Exploits: 1
NVD
added 2026/05/08 7:16 a.m. | 8 views

CVE-2026-8149

A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X86_64, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-LTS: from 2.73.0 before 2.73.11...

CVSS 5.1 | EPSS 0.00007
Exploits: 0 | References: 1
vulnersOsv
added 2026/05/01 12:30 p.m. | 5 views

com.github.niupengyu.schedule:ahead-schedule-distributed (>=1.2.6-RELEASE <=1.2.8-RELEASE), com.github.niupengyu:ahead-frame-socket (>=1.2.1-RELEASE <=1.2.3-RELEASE) +40 more potentially affected by CVE-2026-42779 via org.apache.mina:mina-core (>=2.1.0 <=2.1.11)

org.apache.mina:mina-core MAVEN version =2.1.0, =1.2.6-RELEASE, =1.2.1-RELEASE, =2.2.1, =2.2.1, =3.0.0, =1.0.0, =3.0.11, =3.6.7, =3.6.7, =3.6.7, =3.6.10 and more Source cves: CVE-2026-42779 Source advisory: OSV:GHSA-VF5J-865M-MQ7C...

CVSS 9.8 | AI score 5.8 | EPSS 0.00083
Exploits: 1
vulnersOsv
added 2026/05/01 11:26 a.m. | 5 views

com.github.niupengyu.schedule:ahead-schedule-distributed (>=1.2.6-RELEASE <=1.2.8-RELEASE), com.github.niupengyu:ahead-frame-socket (>=1.2.1-RELEASE <=1.2.3-RELEASE) +40 more potentially affected by CVE-2026-42779 via org.apache.mina:mina-core (>=2.1.0 <=2.1.11)

org.apache.mina:mina-core MAVEN version =2.1.0, =1.2.6-RELEASE, =1.2.1-RELEASE, =2.2.1, =2.2.1, =3.0.0, =1.0.0, =3.0.11, =3.6.7, =3.6.7, =3.6.7, =3.6.10 and more Source cves: CVE-2026-42779 Source advisory: SNYK:JAVA-ORGAPACHEMINA-16354036...

CVSS 9.8 | AI score 5.8 | EPSS 0.00083
Exploits: 1
vulnersOsv
added 2026/05/01 11:26 a.m. | 3 views

com.github.niupengyu.schedule:ahead-schedule-distributed (>=1.2.6-RELEASE <=1.2.8-RELEASE), com.github.niupengyu:ahead-frame-socket (>=1.2.1-RELEASE <=1.2.3-RELEASE) +40 more potentially affected by CVE-2026-42778 via org.apache.mina:mina-core (>=2.1.0 <=2.1.11)

org.apache.mina:mina-core MAVEN version =2.1.0, =1.2.6-RELEASE, =1.2.1-RELEASE, =2.2.1, =2.2.1, =3.0.0, =1.0.0, =3.0.11, =3.6.7, =3.6.7, =3.6.7, =3.6.10 and more Source cves: CVE-2026-42778 Source advisory: SNYK:JAVA-ORGAPACHEMINA-16354035...

CVSS 9.8 | AI score 5.8 | EPSS 0.00287
Exploits: 0
CNNVD
added 2026/05/01 12:0 a.m. | 4 views

Apache MINA code issue vulnerability

Apache MINA is a web application framework developed by the Apache Foundation in the United States. This product is primarily used for developing high-performance and highly scalable web applications. There were code vulnerabilities in versions of Apache MINA from 2.1.0 to 2.1.11, as well as in...

CVSS 9.8 | AI score 6.9 | EPSS 0.00083
Exploits: 1 | References: 1
Positive Technologies
added 2026/03/27 12:0 a.m. | 3 views

PT-2026-28279

Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through various components including logcollector configuration, maild SMTP server tags, and Kaspersky AR...

CVSS 7.1 | AI score 6.7 | EPSS 0.00194
Exploits: 1 | References: 3
RedhatCVE
added 2026/03/26 3:13 p.m. | 3 views

CVE-2025-14806

IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow an attacker to trick the caching mechanism into storing and serving sensitive, user-specific responses as publicly cacheable resources...

CVSS 5.7 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 1
CVE
added 2026/03/17 9:50 p.m. | 9 views

CVE-2026-1267

IBM Planning Analytics Local versions 2.1.0–2.1.17 are affected by CVE-2026-1267 due to lack of proper access controls, enabling unauthorized access to sensitive data and administrative functionalities. The issue is documented across multiple feeds (NVD, Red Hat, ENISA EUVD, CVE list) with a base...

CVSS 6.5 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2026/03/17 12:0 a.m. | 4 views

IBM Planning Analytics Local information disclosure vulnerability

IBM Planning Analytics Local is a web-based local architecture of the International Business Machines (IBM) company. Versions of IBM Planning Analytics Local from 2.1.0 to 2.1.17 have information leakage vulnerabilities. These vulnerabilities stem from inadequate access control, which may allow...

CVSS 6.5 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 1
CNNVD
added 2026/03/17 12:0 a.m. | 2 views

IBM Planning Analytics Local security vulnerability

IBM Planning Analytics Local is a web-based local architecture of the International Business Machines (IBM) company. Versions of IBM Planning Analytics Local from 2.1.0 to 2.1.17 have security vulnerabilities. These vulnerabilities stem from caching mechanisms, which may allow attackers to trick th...

CVSS 5.7 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 1
NVD
added 2026/03/05 6:16 a.m. | 2 views

CVE-2026-27406

Insertion of Sensitive Information Into Sent Data vulnerability in Joe Dolson My Tickets my-tickets allows Retrieve Embedded Sensitive Data. This issue affects My Tickets: from n/a through = 2.1.0...

CVSS 7.5 | EPSS 0.00016
Exploits: 0 | References: 1
CNNVD
added 2026/03/05 12:0 a.m. | 2 views

isURLInPortal input validation error vulnerability

isURLInPortal is a Plone open-source URL security check patch for Plone. Versions prior to 2.1.0, 3.1.0, and 4.0.0 of isURLInPortal had an input validation vulnerability that could lead to redirection to external websites after login...

CVSS 6.1 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 1