2836 matches found
EUVD-2026-43559
9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact with provider management API endpoints by sending requests without any credentials due to missing authentication middleware in the Next.js API routes under...
EUVD-2026-43544
Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo APIs. Attackers can exploit this unrestricted network access through combined attacks to achieve cluster compromise and remote code execution...
CyberPower - Missing Authentication
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. id: CVE-2024-32735 info: name: CyberPower - Missing Authentication author: DhiyaneshDK severity: critical description: | An issue regarding missing authentication for certai...
Vanna - SQL injection
Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...
Malicious code in polygon-gama-apis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0e5efa9d57dae04a6082dfa776d2c2664f3ce5a838ed9cf56f40656937b7e92 polygon-gama-apis exports getPlugin, which fetches JSON from https://bet.slotgambit.com/icons/111 and passes the response field data.credits directly...
Malicious code in polygon-gamma-apis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a49bd3ddb3340e0ef3c76465b6e275d45ddc8eecdbd742747acde8588a2018b4 [email protected] advertises itself as a 'TypeScript SDK for the Polymarket CLOB API' but ships no Polymarket API surface. The exported...
EUVD-2026-42811
Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs...
CVE-2026-21040
Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs...
CVE-2026-21040
Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs...
Malicious code in polymarket-apis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd77c8861490c0b5607b4029f8f9e51f12efb83a6696fc51b953b0a3cde1356b The package impersonates the Polymarket brand name polymarket-apis, author polymarket but contains no Polymarket API integration. Its exported...
Malicious code in polymarket-trader-apis (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54436b6dea3d66e295c1ca82184b4f4b904d8441a68e77845f37cbb039c5f3c9 [email protected] advertises itself as a Polymarket trading helper but its main entry is a remote code loader. The default-exported...
Important: Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.6.12
Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.6.12 General Availability release, with updates to container images. Assisted Installer RHEL 9 integrates components for the general multicluster engine for Kubernetes 2.6.12 release that simplify the process of...
Important: Red Hat Security Advisory: Assisted Installer RHEL 8 components for Multicluster Engine for Kubernetes 2.6.12
Assisted installer RHEL 8 components for the multicluster engine for Kubernetes 2.6.12 General Availability release, with updates to container images. Assisted Installer RHEL 8 integrates components for the general multicluster engine for Kubernetes 2.6.12 release that simplify the process of...
[SECURITY] Fedora 44 Update: rust-wayland-scanner-0.31.10-3.fc44
Wayland Scanner for generating rust APIs from XML wayland protocol files...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass in the organization permission APIs due to insufficient visibility checks for hidden members and private organizations. An attacker can access private visibility information by querying these APIs. Remediation...
EUVD-2026-40640
Inappropriate implementation in PerformanceAPIs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13952
CVE-2026-13952 describes an inappropriate implementation in Chrome's PerformanceAPIs prior to 150.0.7871.47, allowing a remote attacker to leak cross-origin data through a crafted HTML page. The issue affects Google Chrome (Chromium-based). The vulnerability’s root cause is an insecure data expos...
CVE-2026-13952
Inappropriate implementation in PerformanceAPIs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
GO-2026-5402 SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs in github.com/siyuan-note/siyuan/kernel
SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs in github.com/siyuan-note/siyuan/kernel...
EUVD-2026-39493
AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...