HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the use of basic authorization tokens for authentication. This vulnerability may lead to credentials being intercepted or abused...

CVE-2026-44240

basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before...

UBUNTU-CVE-2026-44240

basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before...

CVE-2026-44240

CVE-2026-44240 affects the Node.js FTP client basic-ftp . Before version 5.3.1, the client is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious FTP server can send an unterminated multiline response during the initial banner phase, causi...

CVE-2026-44240

basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before...

CVE-2026-8234

A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit h...

PT-2026-42855

Name of the Vulnerable Software and Affected Versions Botan versions prior to 3.12.0 Description Certain patterns of indefinite length encodings in Basic Encoding Rules BER data can cause quadratic behavior in the parser, leading to a denial of service. These BER encodings were accepted even in...

Basic FTP 资源管理错误漏洞

Basic FTP is a Node.js FTP client library developed by Patrick Juchli. Versions of Basic FTP prior to 5.3.1 had a resource management vulnerability. This vulnerability stemmed from the lack of restrictions on the size of control responses when parsing multiple lines of the FTP control channel...

CVE-2026-42333

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security...

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2026-27699)

Summary There are vulnerabilities in basic-ftp-5.0.3.tgz, basic-ftp-5.0.5.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-27699. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-27699 DESCRIPTION: The basic-ftp FTP client library for Node.js...

GHSA-587R-MC96-6F2P GuardDog has a blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration

Summary The programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to trigger SSRF and...

CLSA-2026-1778505256 python: Fix of 2 CVEs

CVE-2021-3733: fix ReDoS in urllib2 AbstractBasicAuthHandler regex; the legacy '?:.,' prefix is replaced with the upstream-3.x form '?:^|,' and the scheme charset excludes ',' to prevent quadratic backtracking on crafted WWW-Authenticate headers - CVE-2021-23336: stop accepting ';' as a default...

EUVD-2026-28987

A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit h...

CVE-2026-8234 EFM ipTIME A8004T WifiBasicSet formWifiBasicSet stack-based overflow

A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit h...

CVE-2026-8234

A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit h...

CVE-2026-8229 Wavlink NU516U1 wireless.cgi WifiBasic os command injection

A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument AuthMethod/EncrypType results in os command injection. Remote exploitation of the attack is possible. The exploit is...

CVE-2026-8229 Wavlink NU516U1 wireless.cgi WifiBasic os command injection

A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument AuthMethod/EncrypType results in os command injection. Remote exploitation of the attack is possible. The exploit is...

CVE-2026-41922

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the wireless.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the sz11gChannel or PIN POST parameters. Attackers can...

MAL-2026-3364 Malicious code in quicklytookerv (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 eeb02e3ddf9f61661d72bac1e244227aa8b6a8a88ab1226a521cc7aa48d5da37 The package silently exfiltrates screenshots and basic data. --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

GHSA-V8J7-HP7C-738F Kubetail has a Cross-Site WebSocket Hijacking issue that allows attacker to read Kubernetes logs from authenticated users

Summary Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A malicious web page visited by a user with an active Kubetail session could open a WebSocket to the user's dashboard and read their Kubernetes logs in real time. Thi...