109 matches found
CVE-2026-22753
Vulnerability in Spring Spring Security. If an application is using securityMatchersString and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the actioner process. An attacker can execute arbitrary system commands by sending specially crafted requests to the metadata service endpoint. Remediation There is no fixed version for...
EUVD-2026-10578
Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network...
EUVD-2026-10577
Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network...
GitHub: Zero Shot SCFoundation Remote Code Execution Vulnerability
Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network...
PT-2026-24264
Name of the Vulnerable Software and Affected Versions zero-shot-scfoundation affected versions not specified Description A dependency on a vulnerable third-party component within the zero-shot-scfoundation GitHub repository enables an unauthorized attacker to execute code over a network...
CVE-2026-2130
A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component searchusername. Executing a manipulation of the argument Username can lead to command injection. The attack may be launched remotely. Upgrading to versio...
CVE-2026-0500
Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager WorkStation, an unauthenticated attacker could create a malicious JNLP Java Network Launch Protocol file accessible by a public facing URL. When a victim clicks on the URL the accessed Wily Introscope...
CVE-2025-69275
Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier...
PT-2026-1950
Name of the Vulnerable Software and Affected Versions Broadcom DX NetOps Spectrum versions 24.3.9 and earlier Description The software has a flaw due to reliance on a vulnerable third-party component, which allows for DOM-Based Cross-Site Scripting XSS. DOM-Based XSS occurs when client-side scrip...
CVE-2022-42229
Wedding Planner v1.0 is vulnerable to Arbitrary code execution via packageedit.php...
PT-2026-1904
Name of the Vulnerable Software and Affected Versions themesuite Automotive Listings versions n/a through 18.6 Description An issue exists in themesuite Automotive Listings that allows for Blind SQL Injection due to Improper Neutralization of Special Elements used in an SQL Command. This allows a...
PT-2025-43196
Name of the Vulnerable Software and Affected Versions CrocoBlock JetBlog versions through 2.4.4.1 Description A flaw exists in CrocoBlock JetBlog that allows for Stored Cross-site Scripting XSS. This issue arises from improper neutralization of input during web page generation. An attacker could...
CVE-2025-55551
CVE-2025-55551 affects PyTorch (torch.linalg.lu) and is described as an issue in PyTorch v2.8.0 where a slice operation can cause a Denial of Service. The connected IBM bulletin lists the Torch wheel (torch-2.9.1) among vulnerable dependencies, but the provided materials do not include explicit r...
CVE-2025-10226
Dependency on Vulnerable Third-Party Component CWE-1395 in the PostgreSQL backend in AxxonSoft Axxon One C-Werk 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs presen...
CVE-2025-10226
CVE-2025-10226 affects AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier due to a dependency on vulnerable PostgreSQL back-end (v10.x). The root cause is reported as dependencies on vulnerable third-party components in PostgreSQL, enabling a remote attacker to escalate privileges, execute arbitrary ...
PT-2025-32448
Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal....
PT-2025-32449 · Undefined · Undefined
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: FX80 and FX90 Vulnerability: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION... CVE-2025-43867 Source:...
CVE-2025-7452
A vulnerability was found in kone-net go-chat up to f9e58d0afa9bbdb31faf25e7739da330692c4c63. It has been declared as critical. This vulnerability affects the function GetFile of the file go-chat/api/v1/filecontroller.go of the component Endpoint. The manipulation of the argument fileName leads t...
Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: net/http: Sensitive headers not cleared on cross-origin redirect in net/http CVE-2025-4673 For more details about the security issues, including the impact, a CVSS score,...