38300 matches found

CNNVD
added 2026/03/27 12:0 a.m., 3 views

Undertow Environment Issue Vulnerability

Undertow is a web server provided by the Undertow company in the United States. Undertow has an environmental issue vulnerability, which stems from the ability of remote attackers to send specific header block terminators, potentially leading to request payload attacks...

9.1 CVSS, 5.8 AI score, 0.00049 EPSS
Exploits 0, References 2

Tenable Nessus
added 2026/03/27 12:0 a.m., 7 views

Ubuntu 24.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8125-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8125-1 advisory. Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these...

7.8 CVSS, 6.7 AI score, 0.03752 EPSS
Exploits 8, References 427

Redos
added 2026/03/27 12:0 a.m., 4 views

ROS-20260327-73-0002

Vulnerability in busybox related to information presentation errors in the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to conduct spoofing attacks...

3.3 CVSS, 7.1 AI score, 0.00065 EPSS
Exploits 0

CNNVD
added 2026/03/27 12:0 a.m., 5 views

LibreChat Code Issue Vulnerability

LibreChat is an open-source, free, and highly customizable unified AI dialogue platform. It allows for the aggregation and running of large models from any vendor within a single interface. Versions of LibreChat from 0.8.2-rc2 to 0.8.2 contain code vulnerabilities. These vulnerabilities stem from...

7.7 CVSS, 5.9 AI score, 0.00047 EPSS
Exploits 1, References 2

CNNVD
added 2026/03/27 12:0 a.m., 4 views

Open-Xchange OX Dovecot Pro Security Vulnerability

Open-Xchange OX Dovecot Pro is a mail storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security vulnerability; this vulnerability stems from direct comparison in credential verification and makes it vulnerable to timing attacks, whi...

7.4 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits 1, References 1

CNNVD
added 2026/03/27 12:0 a.m., 6 views

Undertow Environment Issue Vulnerability

Undertow is a web server provided by the Undertow company in the United States. Undertow has an environmental issue vulnerability, which stems from the ability of remote attackers to construct specially crafted requests that lead to header parsing discrepancies, potentially allowing for request...

9.1 CVSS, 5.8 AI score, 0.00026 EPSS
Exploits 0, References 2

CNNVD
added 2026/03/27 12:0 a.m., 5 views

Cocos AI Access Control Error Vulnerability

Cocos AI is an AI security computing platform based on a trusted execution environment, open-sourced by Ultraviolet. Cocos AI versions 0.8.2 and earlier contain an access control vulnerability. This vulnerability stems from a proven TLS design that has weaknesses in relay attacks, allowing...

7.5 CVSS, 5.9 AI score, 0.00005 EPSS
Exploits 0, References 1

EUVD
added 2026/03/26 6:31 p.m., 2 views

EUVD-2026-16236

Mattermost Plugins versions =11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584...

2.2 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits 0, References 2

ATTACKERKB
added 2026/03/26 4:28 p.m., 2 views

CVE-2026-3109

Mattermost Plugins versions =11.4 10.11.11.0 fail to validate webhook request timestamps which allows an attacker to corrupt Zoom meeting state in Mattermost via replayed webhook requests. Mattermost Advisory ID: MMSA-2026-00584...

2.2 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits 0, References 2

EUVD
added 2026/03/26 3:30 p.m., 1 views

EUVD-2025-209067

HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights into the system’s software and version details which would allow them to craft software specific attacks...

5.3 CVSS, 5.8 AI score, 0.00013 EPSS
Exploits 0, References 2

RedhatCVE
added 2026/03/26 3:19 p.m., 2 views

CVE-2025-52642

HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure...

6.5 CVSS, 5.8 AI score, 0.00034 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/03/26 3:15 p.m., 3 views

CVE-2026-4210

A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected by this vulnerability i...

9.8 CVSS, 6.3 AI score, 0.00109 EPSS
Exploits 1, References 1

NVD
added 2026/03/26 1:16 p.m., 2 views

CVE-2025-55269

HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user accounts...

9.8 CVSS, 0.00023 EPSS
Exploits 0, References 1

NVD
added 2026/03/26 1:16 p.m., 1 views

CVE-2025-55265

HCL Aftermarket DPC is affected by a File Discovery issue that an attacker could exploit to read sensitive files present in the system and may use to craft further attacks...

7.5 CVSS, 0.00016 EPSS
Exploits 0, References 1

CVE
added 2026/03/26 1:2 p.m., 3 views

CVE-2025-55265

HCL Aftermarket DPC is affected by a File Discovery issue that could allow an attacker to read sensitive files on the system and potentially craft further attacks. The vulnerability is described as enabling unauthorized access to sensitive data (confidentiality impact High) with no listed exploit...

7.5 CVSS, 5.8 AI score, 0.00016 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2026/03/26 1:2 p.m., 19 views

CVE-2025-55265 HCL Aftermarket DPC is affected by File Discovery

HCL Aftermarket DPC is affected by a File Discovery issue that an attacker could exploit to read sensitive files present in the system and may use to craft further attacks...

6.5 CVSS, 0.00016 EPSS
Exploits 0, References 1

Vulnrichment
added 2026/03/26 1:0 p.m., 0 views

CVE-2025-55269 HCL Aftermarket DPC is affected by Weak Password Policy vulnerability

HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user accounts...

4.2 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits 0, References 1

Cvelist
added 2026/03/26 1:0 p.m., 18 views

CVE-2025-55269 HCL Aftermarket DPC is affected by Weak Password Policy vulnerability

HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user accounts...

4.2 CVSS, 0.00023 EPSS
Exploits 0, References 1

CVE
added 2026/03/26 12:59 p.m., 4 views

CVE-2025-55270

CVE-2025-55270 affects HCL Aftermarket DPC. The issue is described as improper input validation that enables an attacker to inject executable code, with potential consequences including XSS, SQL Injection, and Command Injection. The provided sources do not specify affected versions, root cause de...

9.8 CVSS, 6 AI score, 0.00023 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2026/03/26 12:55 p.m., 16 views

CVE-2025-55272 HCL Aftermarket DPC is affected by Banner Disclosure vulnerability

HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights into the system’s software and version details which would allow them to craft software specific attacks...

3.1 CVSS, 0.00013 EPSS
Exploits 0, References 1