CVE-2026-10692

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function issaferegexpattern of the component searchcodeadvanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...

CVE-2026-10691 wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

TRENDnet TEW-432BRP 命令注入漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by the TRENDnet company. The TRENDnet TEW-432BRP 3.10B20 version has a command injection vulnerability. This vulnerability stems from the parameter sysCmd in the formSysCmd function within the goform/formSysCmd file, which allows for...

Arbitrary Code Injection

Overview redshift-connector is a Redshift interface library Affected versions of this package are vulnerable to Arbitrary Code Injection due to the use of eval on untrusted data received from the server, in the vectorin function. An attacker can execute arbitrary code on the client system by...

Linux Distros Unpatched Vulnerability : CVE-2026-5091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison...

amf 安全漏洞

AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the function UERadioCapabilityCheckResponse in the file ngap/dispatcher.go, which leads to...

amf 安全漏洞

AMF is an open-source library under the Apache License, developed by Free5GC. Versions of AMF such as 2.1.3-dev and earlier contain security vulnerabilities. These vulnerabilities stem from unknown functions in the NGAP Message Handler component, specifically in the file ngap/handler.go, which...

ROS-20260515-73-0002

Vulnerability in firebird due to lack of service data protection. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...

FlowiseAI Exposes Basic Auth Credentials via API

Detection Method: Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Severity | Medium | | CWE | CWE-522 Insufficiently Protected Credentials | | Location | packages/server/src/enterprise/controllers/account.controller.ts:128-135 | | Practical Exploitability | Medium | | Developer Approv...

PT-2026-39182

Name of the Vulnerable Software and Affected Versions Devise versions 5.0.3 and earlier Description When the Timeoutable module is enabled, the FailureAppredirect url method returns the request.referrer the HTTP Referer header without validation for any non-GET request that results in a session...

CVE-2026-41002

The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...

HCL BigFix Service Management 信息泄露漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management SM has a vulnerability related to information leakage. This vulnerability stems from the exposure of server banner information, allowing the...

Code Review Server 注入漏洞

Code Review Server is a code review tool based on large models, developed by Dennison Bertram. Versions of Code Review Server 0.1.0 and earlier had an injection vulnerability. This vulnerability stems from the executeRepomix function in the src/repomix.ts file, which allows for command injection,...

CVE-2026-36959

Summary: CVE-2026-36959 affects the U-SPEED N300 router (V1.0.0). The vulnerability arises from the /api/login endpoint lacking rate limiting and account lockout protections, enabling unlimited authentication attempts from a local network. This can facilitate brute-force attacks against the admin...

XXL-JOB 安全漏洞

XXL-JOB is a distributed task scheduling platform developed by xuxueli. Versions of XXL-JOB 3.3.2 and earlier contain security vulnerabilities. These vulnerabilities stem from improper control of resource identifiers due to the parameter logId in the function logDetailCat of the Execution Log...

CVE-2026-6768

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: Cookies component...

OESA-2026-1952 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

Temporal does not enforce authentication and authorization for the streaming AdminService/StreamWorkflowReplicationMessages endpoint

The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and authorization, but the streaming AdminService/StreamWorkflowReplicationMessages endpoint accepted requests...

opentelemetry-go: OTLP HTTP exporters read unbounded HTTP response bodies

overview: this report shows that the otlp HTTP exporters traces/metrics/logs read the full HTTP response body into an in-memory bytes.Buffer without a size cap. this is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled or a network attacker can mitm t...

fast-filesystem-mcp 命令注入漏洞

fast-filesystem-mcp is a model context protocol server developed by Efforthye. Versions of fast-filesystem-mcp 3.5.1 and earlier contained a command injection vulnerability. This vulnerability originated from the handleGetDiskUsage function in the file src/index.ts, which allowed command injectio...