CVE-2026-5189

CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +38 more potentially affected by CVE-2026-42359 via apache-airflow-core (>=3.0.0 <=3.2.1rc3)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-42359 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17137551...

view_component 安全漏洞

viewcomponent is an open-source framework developed by ViewComponent, designed for building reusable and testable view components. There are security vulnerabilities in the viewcomponent version 3.0.0 to 4.9.0. These vulnerabilities arise from the system’s testing entry point using File.realpath ...

CVE-2026-43827

CVE-2026-43827 affects Apache Shiro. In affected versions (1.0–2.1.0 and 3.0.0-alpha-1), an existing session is not invalidated nor a new session with a new ID issued after login, enabling session fixation. Upgraded fixes are available in 2.1.1 and 3.0.0-alpha-2 or later; apply the patch to mitig...

CVE-2026-7837

A time-of-check time-of-use TOCTOU condition in the adflush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions...

EUVD-2026-31218

An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input...

Netatalk 安全漏洞

Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.0.0 to 4.4.2 of Netatalk contain security vulnerabilities. These vulnerabilities stem from a check on time usage conditions...

Astra Linux - уязвимость в node-brace-expansion

A vulnerability was discovered in the juliangruber brace-expansion library up to versions 1.1.11/2.0.1/3.0.0/4.0.0. This issue has been identified as problematic. The affected function is the “expand” function of the file index.js. Manipulation of this function leads to inefficient use of regular...

Astra Linux - уязвимость в wireshark

In Wireshark versions 3.0.0 to 3.0.6, and 2.6.0 to 2.6.12, the CMS dissector could crash. This issue was addressed in the epan/dissectors/asn1/cms/packet-cms-template.c file by ensuring that an object identifier is set to NULL after the ContentInfo dissection...

ai.pipestream:account-service (>=0.0.2 <=0.0.18), ai.pipestream:connector-admin-service (>=0.1.1 <=0.1.18) +412 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime-jvm (>=3.0.0-alpha03 <=5.3.3)

com.squareup.wire:wire-runtime-jvm MAVEN version =3.0.0-alpha03, =0.0.2, =0.1.1, =0.2.7, =0.2.7, =0.2.7, =0.1.1, =0.2.7, =0.7.21, =0.7.21, =0.7.21, =0.1.7, =0.0.1, =0.7.24 and more Source cves: CVE-2026-45799 Source advisory: OSV:GHSA-7XPR-HC2W-34M9...

org.glassfish.main.admingui:admingui (>=6.0.0 <=9.0.0-M1), org.glassfish.main.admingui:console-cluster-plugin (>=6.0.0 <=9.0.0-M1) +19 more potentially affected by CVE-2026-2586 via org.glassfish.jsftemplating:jsftemplating (>=3.0.0 <=4.1.0)

org.glassfish.jsftemplating:jsftemplating MAVEN version =3.0.0, =6.0.0, =6.0.0, =7.0.16, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =9.0.0-M1 and more Source cves: CVE-2026-2586 Source advisory: OSV:GHSA-96V6-HQ43-X9H4https://vulners.c...

SUSE CVE-2026-44699

LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...

CVE-2026-44308

CVE-2026-44308 concerns Spring Cloud AWS, where the SNS HTTP/HTTPS endpoint support methods (@NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping) failed to verify incoming SNS message signatures from versions 3.0.0 through 4.0.1. An unauthent...

CVE-2026-3048

An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...

CVE-2026-3048 Nexus Repository 3 - Improper LDAP Referral Handling

An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...

@budibase/cli (>=3.0.0 <=3.2.26), @budibase/pro (>=3.0.0 <=3.2.26) +2 more potentially affected by CVE-2026-45061 via @budibase/backend-core (>=3.0.0 <=3.2.7)

@budibase/backend-core NPM version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.2.26 Source cves: CVE-2026-45061 Source advisory: SNYK:JS-BUDIBASEBACKENDCORE-16759131...

OESA-2026-2240 pdfbox security update

Apache PDFBox is an open source Java PDF library for working with PDF documents. This project allows creation of new PDF documents, manipulation of existing documents and the ability to extract content from documents. Apache PDFBox also includes several command line utilities. Apache PDFBox is...

CVE-2026-41645

CVE-2026-41645 affects Nuclei up to version 3.8.0, where the expression evaluation engine can be tricked by HTTP response-derived DSL expressions reused in multi-step templates. If -env-vars (-ev) is explicitly enabled, response data containing DSL expressions can expose host environment variable...

@aiconnect/codelets-runner (>=0.1.0 <=0.2.0), @cairncms/api (>=1.0.0-beta.1 <=1.0.0-beta.4) +16 more potentially affected by CVE-2026-44001 via vm2 (>=3.0.0 <=3.10.5)

vm2 NPM version =3.0.0, =0.1.0, =1.0.0-beta.1, =3.0.46, =1.0.0-beta.1, =0.1.64, =0.1.61, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.72.1 and more Source cves: CVE-2026-44001 Source advisory: SNYK:JS-VM2-16438945...

ai.platon.pulsar:pulsar-persist (>=1.9.0 <=1.10.23), be.eliwan:eoddata-client (=1.0) +2282 more potentially affected by CVE-2026-42402 via org.apache.neethi:neethi (>=3.0.0 <=3.2.1)

org.apache.neethi:neethi MAVEN version =3.0.0, =1.9.0, =1.1.7, =1.1.9, =1.2.5, =3.00.4, =3.00.3, =4.00.10, =11.4-37, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.1.0.RELEASE and more Source cves: CVE-2026-42402 Source advisory: SNYK:JAVA-ORGAPACHENEETHI-16354028...