CVE-2026-26057

The CVE-2026-26057 entry is complemented by a concrete advisory for Skill-scanner (Skill-scanner API Server). Affected: Skill-scanner 1.0.1 and earlier when API Server is enabled. Root cause: erroneous binding to multiple interfaces. Impact: unauthenticated remote attacker can trigger DoS via res...

CVE-2026-26057 Skill Scanner Unsecured Network Binding Vulnerability

Skill Scanner is a security scanner for AI Agent Skills that detects prompt injection, data exfiltration, and malicious code patterns. A vulnerability in the API Server of Skill Scanner could allow a unauthenticated, remote attacker to interact with the server API and either trigger a denial of...

PT-2026-20911

Name of the Vulnerable Software and Affected Versions Skill-scanner versions 1.0.1 and earlier Description Skill Scanner is a security scanner for AI Agent Skills designed to detect prompt injection, data exfiltration, and malicious code patterns. A flaw in the API Server component could permit a...

Vulnerability fixed in SmarterTools SmarterMail

SmarterTools has fixed vulnerabilities in SmarterMail. A malicious party could exploit the vulnerabilities to bypass authentication and execute arbitrary code with administrator privileges, and possibly SYSTEM. For successful abuse, the malicious party must have access to the API interface...

@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +20 more potentially affected by CVE-2026-23864 via react-server-dom-webpack (>=19.0.0 <=19.0.1)

react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...

Operation on a Resource after Expiration or Release

Overview Affected versions of this package are vulnerable to Operation on a Resource after Expiration or Release in the macaroon validation for cross-model authorization. An attacker can maintain unauthorized access to resources by crafting and submitting an invalid macaroon that is incorrectly...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the ImageStreamImport mechanism that handles user-supplied image references without proper IP address and network-range validation. An attacker can access internal network resources, enumerate service...

CVE-2025-14443

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service DoS through Server-Side Request Forgery SSRF due to missing IP address and network-range validation when processi...

CVE-2025-14443 Ose-openshift-apiserver: openshift api server: server-side request forgery (ssrf) vulnerability in imagestreamimport mechanism

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service DoS through Server-Side Request Forgery SSRF due to missing IP address and network-range validation when processi...

CVE-2025-14443 Ose-openshift-apiserver: openshift api server: server-side request forgery (ssrf) vulnerability in imagestreamimport mechanism

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service DoS through Server-Side Request Forgery SSRF due to missing IP address and network-range validation when processi...

@cedarjs/api-server (>=1.0.0-canary.12879 <=1.0.0-canary.12881), @cedarjs/cli (>=1.0.0-canary.12879 <=1.0.0-canary.12881) +10 more potentially affected by CVE-2025-55183 +2 more via react-server-dom-webpack (=19.2.2)

react-server-dom-webpack NPM version =19.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on react-server-dom-webpack and may be impacted: - @cedarjs/api-server =1.0.0-canary.12879, =1.0.0-canary.12879, =1.0.0-canary.12879, =1.0.0-canary.12879,...

@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +20 more potentially affected by CVE-2025-55183 +1 more via react-server-dom-webpack (>=19.0.0 <=19.0.1)

react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...

@cedarjs/api-server (>=1.0.0-canary.12863 <=1.0.0-canary.12878), @cedarjs/cli (>=1.0.0-canary.12863 <=2.0.3-next.1) +10 more potentially affected by CVE-2025-55184 via react-server-dom-webpack (=19.2.1)

react-server-dom-webpack NPM version =19.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on react-server-dom-webpack and may be impacted: - @cedarjs/api-server =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...

@cedarjs/api-server (>=1.0.0-canary.12863 <=1.0.0-canary.12878), @cedarjs/cli (>=1.0.0-canary.12863 <=2.0.3-next.1) +10 more potentially affected by CVE-2025-55183 via react-server-dom-webpack (=19.2.1)

react-server-dom-webpack NPM version =19.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on react-server-dom-webpack and may be impacted: - @cedarjs/api-server =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...

CVE-2025-65827

The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an adversary located "upstream" can intercept the traffic, inspect its contents, and modify the requests in transit. TThis may result in a total compromise o...

CVE-2025-12996

Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025...

CVE-2025-12996

Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025...

EUVD-2025-201287

Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025...

PT-2025-49126

Name of the Vulnerable Software and Affected Versions Medtronic CareLink Network versions prior to December 4, 2025 Description A local attacker gaining access to log files on an internal API server can view passwords in plaintext due to errors logged under specific conditions. Recommendations...

Denial-of-service (DoS)

github.com/argoproj/argo-cd is vulnerable to a Denial-of-service DoS. The vulnerability is due to improper handling of malformed Bitbucket Server webhook payloads—specifically a non-array repository.links.clone field—which allows an attacker to send a single unauthenticated malicious request that...