1908 matches found
File Browser has a Command Execution Allowlist Bypass via Shell Metacharacter Injection
!NOTE This feature has been disabled by default for all installations from v2.33.8 onwards, including for existent installations. To exploit this vulnerability, the instance administrator must turn on a feature and ignore all the warnings about known vulnerabilities. We're publishing this new...
CVE-2026-7184 Mattermost Remote Cluster PATCH API Leaks Authentication Tokens
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the managesecureconnections permission to obtain remote cluster authentication tokens via a PATCH request to the...
EUVD-2026-36400
A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...
GHSA-Q7VR-J5WC-2XCH vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-R236-5PC3-3QCP AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. An issue in Aurora PostgreSQL using the AWS Go Wrapper waa identified, see CVE-2026-11401. Impact An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to...
GHSA-HFXV-24RG-XRQF vulnerabilities
Vulnerabilities for packages: opensearch-dashboards...
AlmaLinux 8 : .NET 10.0 (ALSA-2026:25114)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:25114 advisory. dotnet: .NET: Local file tampering via link following vulnerability CVE-2026-45491 dotnet: ASP.NET Core: Denial of Service via uncontrolled resource...
Oracle Linux 8 : .NET / 8.0 (ELSA-2026-25110)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-25110 advisory. 8.0.128-1.0.1 - Add support for Oracle Linux 8.0.128-1 - Update to .NET SDK 8.0.128 and Runtime 8.0.28 - Resolves: RHEL-181052 8.0.126-2 - Update to...
@meme-sdk/trade (>=1.0.0 <=1.0.1), @solana-launchpad/sdk (>=1.0.10 <=1.0.13) +2 more potentially affected by unknown CVE via @validate-sdk/v2 (>=1.22.11 <=1.22.31)
@validate-sdk/v2 NPM version =1.22.11, =1.0.0, =1.0.10, =1.0.5, =1.0.6 - openpaw-graveyard =3.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-5497...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by multiple vulnerabilities when using when using Web Server Plug-ins.
Summary The security issue described in CVE-2026-8633, CVE-2026-8620 has been identified in WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Splunk Enterprise 9.3.0 < 9.3.13, 9.4.0 < 9.4.12, 10.0.0 < 10.0.7, 10.2.0 < 10.2.4 (SVD-2026-0607)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0607 advisory. - In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13...
ai.spice:spiceai (=0.6.0), cn.isqing.icloud:icloud-common-utils (>=4.0.3-M1 <=4.0.3.1) +417 more potentially affected by CVE-2026-46340 via io.netty:netty-transport-sctp (>=4.2.0.Final <=4.2.14.Final)
io.netty:netty-transport-sctp MAVEN version =4.2.0.Final, =4.0.3-M1, =1.21.9, =3.4.7, =25.4.1, =26.2.1, =7.9.0, =5.1.0, =5.1.0, =6.80, =0.2.2, =0.2.4 and more Source cves: CVE-2026-46340 Source advisory: OSV:GHSA-5XRH-QMMQ-W6CH...
ROOT-OS-UBUNTU-2204-CVE-2026-31454 CVE-2026-31454 in rootio-linux - Patched by Root
Root has patched CVE-2026-31454 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
Amazon Linux 2 : perl-HTTP-Daemon, --advisory ALAS2-2026-3341 (ALAS-2026-3341)
The version of perl-HTTP-Daemon installed on the remote host is prior to 6.01-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3341 advisory. HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with...
Amazon Linux 2023 : device-mapper-persistent-data (ALAS2023-2026-1791)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1791 advisory. An unsoundness issue RUSTSEC-2026-0097 was found in the bundled Rust rand crate used by device-mapper- persistent-data. ThreadRng methods use unsafe code that can create aliased mutable references when...
EulerOS Virtualization 2.13.1 : dhcp (EulerOS-SA-2026-2123)
According to the versions of the dhcp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into...
EulerOS Virtualization 2.12.1 : shim (EulerOS-SA-2026-2089)
According to the versions of the shim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impa...
CVE-2026-9910 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-855J-754P-55FW vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-GM2W-GW5X-592F vulnerabilities
Vulnerabilities for packages: chromium...