29 matches found

Snyk
added 2026/05/05 9:57 p.m., 6 views

Memory Allocation with Excessive Size Value

Overview: OpenTelemetry.OpAmp.Client is an OpAMP Client for OpenTelemetry .NET. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the PlainHttpTransport response handling in the OpAMP HTTP transport. An attacker can force the client to allocate...

CVSS 8.2 | AI score 5.9 | EPSS 0.00311
Exploits: 0 | References: 2
EUVD
added 2026/04/28 4:0 a.m., 2 views

EUVD-2026-25980

A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of the component AI Proxy Middleware. Such manipulation of the argument baseurl leads to server-side request...

CVSS 7.5 | AI score 7.1 | EPSS 0.00278
Exploits: 0 | References: 5
vulnersOsv
added 2026/04/24 12:19 p.m., 6 views

org.apache.dolphinscheduler:dolphinscheduler-alert-server (>=3.2.1 <=3.3.0-alpha), org.apache.dolphinscheduler:dolphinscheduler-extract-alert (>=3.2.1 <=3.3.0-alpha) +13 more potentially affected by CVE-2025-62233 via org.apache.dolphinscheduler:dolphinscheduler-extract-base (>=3.2.1 <=3.3.0-alpha)

org.apache.dolphinscheduler:dolphinscheduler-extract-base MAVEN version =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.2.1, =3.3.0-alpha - o...

CVSS 6.3 | AI score 5.8 | EPSS 0.00537
Exploits: 0
ATTACKERKB
added 2026/03/23 9:0 p.m., 6 views

CVE-2025-60947

Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a malicious file, possibly leading to remote code execution. Fixed in 8.1.0 alpha...

CVSS 8.8 | AI score 6.2 | EPSS 0.00526
Exploits: 0 | References: 5 | Affected Software: 1
Positive Technologies
added 2026/03/23 12:0 a.m., 2 views

PT-2026-27212

Name of the Vulnerable Software and Affected Versions: Census CSWeb versions prior to 8.1.0 alpha. Description: The software allows the app/config directory to be accessed via HTTP in certain setups. An unauthenticated remote attacker can request configuration files and potentially obtain sensitive...

CVSS 9.3 | AI score 5.8 | EPSS 0.00405
Exploits: 0 | References: 9
vulnersOsv
added 2026/03/19 6:21 p.m., 6 views

@openinc/parse-server-opendash (>=4.0.0 <=4.0.3) potentially affected by CVE-2026-33323 via parse-server (=9.6.0-alpha.37)

parse-server NPM version =9.6.0-alpha.37 is affected by a known vulnerability. The following packages have a transitive dependency on parse-server and may be impacted: - @openinc/parse-server-opendash =4.0.0, =4.0.3 Source cves: CVE-2026-33323 Source advisory: SNYK:JS-PARSESERVER-15701837...

CVSS 6.3 | AI score 5.8 | EPSS 0.00322
Exploits: 0
EUVD
added 2026/03/11 2:19 a.m., 2 views

EUVD-2026-11051

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A high-privileged attacker could exploit this vulnerability to manipulate...

CVSS 5.5 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 1
EUVD
added 2026/03/06 4:23 a.m., 5 views

EUVD-2026-9988

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Prior to version 1.6.3-alpha, the URL ingest pipeline accepted user-controlled remote URLs with incomplete destination restrictions. Although private/local host checks existed, missing...

CVSS 8.2 | AI score 5.9 | EPSS 0.00298
Exploits: 0 | References: 5
Snyk
added 2026/02/23 9:56 p.m., 3 views

Improper Neutralization of Special Elements in Data Query Logic

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the token search. An attacker can exhaust system resources and disrupt service availability by submitting specially crafted search patterns containing SQL wildcard...

CVSS 7.1 | AI score 5.8 | EPSS 0.00499
Exploits: 1 | References: 2
Vulnrichment
added 2026/02/21 12:1 a.m., 4 views

CVE-2026-27189 OpenSift: Race-prone local persistence could cause state corruption/loss

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state...

CVSS 6.6 | AI score 5.3 | EPSS 0.00112
Exploits: 0 | References: 2
CNNVD
added 2026/02/03 12:0 a.m., 6 views

rustfs security vulnerability

RustFS is a high-performance object storage system developed by RustFS. Versions prior to RustFS alpha.78 contained security vulnerabilities, which stemmed from IP access control bypasses. These vulnerabilities could allow access to systems that meet the requirements of an IP whitelist policy...

CVSS 8.7 | AI score 5.8 | EPSS 0.00211
Exploits: 0 | References: 2
OSV
added 2025/12/30 8:16 p.m., 2 views

UBUNTU-CVE-2025-69261

WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a multiplication in WasmEdge/include/runtime/instance/memory.h can wrap, causing checkAccessBound to incorrectly allow the access. This leads to a segmentation fault. Version 0.16.0-alpha.3 contains a patch for the issue...

CVSS 7.5 | AI score 5.8 | EPSS 0.00285
Exploits: 0 | References: 4
Cvelist
added 2025/12/14 12:32 p.m., 17 views

CVE-2025-14660 DecoCMS Mesh Workspace Domain api.ts createTool access control

A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes improper access controls. The attack can b...

CVSS 6.3 | EPSS 0.00276
Exploits: 0 | References: 8
RedhatCVE
added 2025/11/26 8:1 p.m., 5 views

CVE-2025-66016

CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing (requires 3 preprocessing rounds), identifiable abort, and a key refresh protocol. Prior to version 0.6.3, there is a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full...

CVSS 9.3 | AI score 6.6 | EPSS 0.00171
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/25 7:48 p.m., 10 views

CVE-2025-66016 CGGMP24 is missing a check in the ZK proof used in CGGMP21

CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing (requires 3 preprocessing rounds), identifiable abort, and a key refresh protocol. Prior to version 0.6.3, there is a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full...

CVSS 9.3 | AI score 6.3 | EPSS 0.00171
Exploits: 0 | References: 2
Positive Technologies
added 2025/11/24 12:0 a.m., 2 views

PT-2025-48045

Name of the Vulnerable Software and Affected Versions: cggmp21 versions 0.6.3 and earlier; cggmp24 version 0.7.0-alpha.1. Description: The software is susceptible to a security issue related to the use of presignatures in specific contexts. Specifically, using presignatures in conjunction with HD...

CVSS 8.2 | AI score 6.2 | EPSS 0.0019
Exploits: 0 | References: 20
CVE
added 2025/08/12 4:59 p.m., 16 views

CVE-2025-27559

The CVE-2025-27559 entry documents a privilege escalation risk in Intel AI Playground software prior to version v2.3.0 alpha due to incorrect default permissions. The vulnerability can be triggered by an authenticated user with local access, enabling elevation of privileges and impacting confiden...

CVSS 6.7 | AI score 7.4 | EPSS 0.00105
Exploits: 0 | References: 1
vulnersOsv
added 2024/12/05 12:31 p.m., 9 views

org.apache.hive.hcatalog:hive-hcatalog-core (=4.0.0-alpha-1), org.apache.hive.hcatalog:hive-hcatalog-pig-adapter (=4.0.0-alpha-1) +18 more potentially affected by CVE-2022-41137 via org.apache.hive:hive-exec (=4.0.0-alpha-1)

org.apache.hive:hive-exec MAVEN version =4.0.0-alpha-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-exec and may be impacted: - org.apache.hive.hcatalog:hive-hcatalog-core =4.0.0-alpha-1 -...

CVSS 8.3 | AI score 7.2 | EPSS 0.01656
Exploits: 0
OSV
added 2024/06/25 7:15 p.m., 3 views

CVE-2024-37820

A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation...

CVSS 5.4 | AI score 6.1 | EPSS 0.00377
Exploits: 0 | References: 2
Kitploit
added 2023/06/28 2:12 a.m., 51 views

HardHatC2 - A C# Command And Control Framework

A cross-platform, collaborative, Command & Control framework written in C#, designed for red teaming and ease of use. HardHat is a multiplayer C# .NET-based command and control framework. Designed to aid in red team engagements and penetration testing. HardHat aims to improve the quality of life...

AI score 8.3
Exploits: 0 | References: 4