6 matches found
CVE-2026-40887
Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to versions 2.3.4, 3.5.7, and 3.6.2, an unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter is interpolated directly into a raw SQL expression...
@b3dotfun/b3-api (>=0.0.42 <=0.0.102), @b3dotfun/sdk (>=0.0.27-alpha.1 <=0.1.70-alpha.9) +38 more potentially affected by CVE-2026-42047 via inngest (>=3.22.13 <=3.47.0)
inngest NPM version =3.22.13, =0.0.42, =0.0.27-alpha.1, =1.0.4, =0.0.26, =2.0.5, =0.0.3-canary.1, =0.1.2, =1.0.1-alpha.0, =1.0.1-alpha.0, =1.0.1-alpha.0, =1.0.1-alpha.0, =0.1.13, =1.0.1-alpha.0, =0.0.1, =1.0.1, =1.0.4-alpha.13 and more Source cves: CVE-2026-42047 Source advisory:...
Security Bulletin: IBM MQ is affected by a denial of service vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-48976)
Summary: IBM WebSphere Application Server Liberty is used by IBM MQ as part of the IBM MQ Console and IBM MQ REST API functionality. CVE-2025-48976. Vulnerability Details: CVEID: CVE-2025-48976. DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS...
GO-2025-3491 Rancher allows an unauthenticated stack overflow in /v3-public/authproviders API in github.com/rancher/rancher
Rancher allows an unauthenticated stack overflow in /v3-public/authproviders API in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
OpenSSL 3.2.0 < 3.2.4 Vulnerability
The version of OpenSSL installed on the remote host is prior to 3.2.4. It is, therefore, affected by a vulnerability as referenced in the 3.2.4 advisory. - Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-boun...
org.apache.dolphinscheduler:dolphinscheduler-api (>=1.2.0 <=1.2.1) potentially affected by CVE-2021-27644 via org.apache.dolphinscheduler:dolphinscheduler-server (>=1.2.0 <=1.2.1)
org.apache.dolphinscheduler:dolphinscheduler-server MAVEN version =1.2.0, =1.2.0, =1.2.1 Source cves: CVE-2021-27644 Source advisory: OSV:GHSA-93G4-3PHC-G4XW...