CVE-2026-42339

CVE-2026-42339 (New API: SSRF Filter Bypass via 0.0.0.0) Affects New API (LLM gateway) up to v0.11.9-alpha.1. The SSRF protection is incomplete: 0.0.0.0/8 is not checked, allowing a regular user with a valid API token to request multimodal endpoints (/v1/chat/completions, /v1/responses, /v1/messa...

CVE-2026-42339

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 CVE-2025-59146 and hardened in v0.9.6 CVE-2025-62155 does not block the unspecified address 0.0.0.0. A regular...

EUVD-2020-12723

Malware in sbrugna...

EUVD-2020-17850

Malware in sbrugna...

EUVD-2011-0861

Malware in sbrugna...

EUVD-2005-0746

Malware in sbrugna...

EUVD-2024-54617

Malicious code in bioql PyPI...

EUVD-2022-39094

Malicious code in bioql PyPI...

EUVD-2022-39010

Malicious code in bioql PyPI...

In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.

...

Malicious code in ftp-adaptor (npm)

The package ftp-adaptor was found to contain malicious code...

MAL-2025-21021 Malicious code in ftp-adaptor (npm)

The package ftp-adaptor was found to contain malicious code...

Hybrid Stabilization Protocol for Cross-Chain Digital Assets Using Adaptor Signatures and AI-Driven Arbitrage

Stablecoins face an unresolved trilemma of balancing decentralization, stability, and regulatory compliance. We present a hybrid stabilization protocol that combines crypto-collateralized reserves, algorithmic futures contracts, and cross-chain liquidity pools to achieve robust price adherence...

CVE-2024-11857

Bluetooth HCI Adaptor from Realtek has a Link Following vulnerability. Local attackers with regular privileges can create a symbolic link with the same name as a specific file, causing the product to delete arbitrary files pointed to by the link. Subsequently, attackers can leverage arbitrary fil...

Realtek Bluetooth HCI Adaptor 后置链接漏洞

Realtek Bluetooth HCI Adaptor is a Bluetooth driver from China-based Realtek Semiconductor Realtek. A backlink vulnerability exists in Realtek Bluetooth HCI Adaptor, which stems from a link-following issue that could lead to arbitrary file deletion and elevation of privilege...

CVE-2022-36381

OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors...

CVE-2022-36293

Buffer overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary code via unspecified vectors...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File. An attacker with access to the log files can gain access to Apache Kafka credentials by accessing these application logs. Remediation Upgrade...

org.apache.pulsar:pulsar-io-debezium-core (>=2.4.0 <=2.9.5), org.apache.pulsar:pulsar-io-debezium-mongodb (>=2.5.0 <=2.9.5) +5 more potentially affected by CVE-2025-30677 via org.apache.pulsar:pulsar-io-kafka-connect-adaptor (>=2.4.0 <=2.9.5)

org.apache.pulsar:pulsar-io-kafka-connect-adaptor MAVEN version =2.4.0, =2.4.0, =2.5.0, =2.9.0, =2.4.0, =2.9.0, =2.4.0, =2.8.0, =2.9.5 Source cves: CVE-2025-30677 Source advisory: SNYK:JAVA-ORGAPACHEPULSAR-9685317...

org.apache.pulsar:pulsar-io-debezium (>=2.2.0 <=2.2.1), org.apache.pulsar:pulsar-io-debezium-core (>=2.4.0 <=2.11.4) +6 more potentially affected by CVE-2025-30677 via org.apache.pulsar:pulsar-io-kafka-connect-adaptor (>=2.10.0 <=2.9.5)

org.apache.pulsar:pulsar-io-kafka-connect-adaptor MAVEN version =2.10.0, =2.2.0, =2.4.0, =2.5.0, =2.9.0, =2.4.0, =2.9.0, =2.4.0, =2.8.0, =2.11.4 Source cves: CVE-2025-30677 Source advisory: OSV:GHSA-RCQJ-3FMP-5CQX...