Apache ActiveMQ security vulnerabilities
Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ. This vulnerability stems from the MessageServlet in the web...
CodexBar security vulnerabilities
CodexBar is an AI programming service usage monitoring tool developed by Peter Steinberger. Versions of CodexBar prior to 0.32.0 contained security vulnerabilities. These vulnerabilities were caused by a session cookie leakage issue, which could allow network attackers to exploit the improper...
CVE-2026-27136 affecting package cert-manager for versions less than 1.12.15-8
CVE-2026-27136 affecting package cert-manager for versions less than 1.12.15-8. A patched version of the package is available...
CVE-2026-46597 affecting package kubevirt for versions less than 1.7.1-5
CVE-2026-46597 affecting package kubevirt for versions less than 1.7.1-5. A patched version of the package is available...
CVE-2026-27136 affecting package telegraf for versions less than 1.31.0-21
CVE-2026-27136 affecting package telegraf for versions less than 1.31.0-21. A patched version of the package is available...
CVE-2026-39834 affecting package gh for versions less than 2.62.0-16
CVE-2026-39834 affecting package gh for versions less than 2.62.0-16. A patched version of the package is available...
CVE-2026-39830 affecting package gh for versions less than 2.62.0-16
CVE-2026-39830 affecting package gh for versions less than 2.62.0-16. A patched version of the package is available...
CVE-2026-42506 affecting package docker-buildx for versions less than 0.14.0-13
CVE-2026-42506 affecting package docker-buildx for versions less than 0.14.0-13. A patched version of the package is available...
CVE-2026-42506 affecting package containerd2 for versions less than 2.1.6-3
CVE-2026-42506 affecting package containerd2 for versions less than 2.1.6-3. A patched version of the package is available...
WWBN AVideo security vulnerabilities
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain security vulnerabilities. These vulnerabilities stem from storing user-input category descriptions as raw HTML during Gallery view rendering. This allows...
Avro resource management error vulnerability
Avro is a fast Go Avro decoder developed by hamba. Versions prior to 2.33.0 contained a resource management vulnerability. This vulnerability stemmed from the Avro array and map decoders looping on an attacker-controlled counter without checking the error status of the...
StrongDM security vulnerabilities
StrongDM is an infrastructure access management platform developed by the US company StrongDM. Versions of StrongDM prior to 23.74.0 contained security vulnerabilities. These vulnerabilities stemmed from the storage of authentication status in plaintext, including JSON Web Tokens and key material...
WWBN AVideo operating system command injection vulnerability
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained an operating system command injection vulnerability. This vulnerability stemmed from the execAsync command in the YPTSocket notification branch, which constructed...
BIT-MLFLOW-2026-2614 Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow
A vulnerability in the createmodelversion handler of mlflow/server/handlers.py in mlflow/mlflow versions 3.9.0 and earlier allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem. The issue arises when a CreateModelVersion request includes the tag...
CVE-2026-9807 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked Project Access Token to continue accessing private resources due to incorrect authorization...
Follet School Solutions Destiny security vulnerabilities
Follet School Solutions Destiny is a school solution provided by Follet Corporation. Versions of Follet School Solutions Destiny prior to 22.0.1 AU1 contained security vulnerabilities. These vulnerabilities stemmed from a cross-site scripting vulnerability in the site parameter of...
deepobj security vulnerabilities
DeepObj is a deep object manipulation tool developed by the individual developer RANFdev. Versions of DeepObj prior to 1.0.3 contained security vulnerabilities; these vulnerabilities could lead to prototype pollution when the property path included __proto__/constructor/prototype...
phpMyFAQ security vulnerabilities
phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.3 contained security vulnerabilities. These vulnerabilities stemmed from an authentication bypass in the password reset endpoint, allowing unauthenticated attackers to reset the...
Zed operating system command injection vulnerability
Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.229.0 contained an operating system command injection vulnerability. This vulnerability stemmed from the terminal tool permissions system, which could be bypassed through bash arithmetic expansion, allowing...
go-billy path traversal vulnerability
Go-Billy is an open-source file system abstraction library developed by go-git. Versions of Go-Billy prior to 5.9.0 contained a path traversal vulnerability. This vulnerability stemmed from path traversal issues in multiple components. Insufficient path cleaning and boundary enforcement may lead ...