Allocation of Resources Without Limits or Throttling

Overview basic-ftp is a FTP client for Node.js, supports FTPS over TLS, IPv6, Async/Await, and Typescript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the connect function. An attacker can cause excessive memory and CPU consumption,...

@activeboxes/piece-sftp (=0.2.6), @activepieces/piece-apify (=0.2.1) +28 more potentially affected by CVE-2026-44240 via basic-ftp (>=5.0.2 <=5.3.0)

basic-ftp NPM version =5.0.2, =0.2.6, =1.0.0, =0.2.0, =0.1.0, =1.0.0, =2.0.18, =1.9.2, =1.2.0, =4.6.0-blowfish, =1.0.3, =1.0.4 and more Source cves: CVE-2026-44240 Source advisory: SNYK:JS-BASICFTP-16438941...

PT-2026-38291

Name of the Vulnerable Software and Affected Versions basic-ftp versions 0.0.1 through 5.3.0 Description A client-side denial of service exists when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initia...

SUSE-SU-2026:21492-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues: - CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects bsc1263819...

SUSE CVE-2026-40912

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

CVE-2026-42997

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations

Summary The generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security scheme configured for one operation can therefore be applied to a different same-method operation whose path only partially resembles the protected...

GHSA-FR8F-RWJX-F32V quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations

Summary The generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security scheme configured for one operation can therefore be applied to a different same-method operation whose path only partially resembles the protected...

Incorrect Implementation of Authentication Algorithm

Overview Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm due to the too broad path-template matching in the runtime authentication layer. An attacker can cause sensitive authentication credentials to be sent to unintended endpoints that may...

CVE-2026-41922

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the wireless.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the sz11gChannel or PIN POST parameters. Attackers can...

CVE-2026-41922 WDR201A WiFi Extender OS Command Injection via wireless.cgi

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the wireless.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the sz11gChannel or PIN POST parameters. Attackers can...

CVE-2026-41922 WDR201A WiFi Extender OS Command Injection via wireless.cgi

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the wireless.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the sz11gChannel or PIN POST parameters. Attackers can...

CVE-2026-41263

A flaw was found in Traefik. A remote attacker can exploit a timing side-channel vulnerability in Traefik's BasicAuth middleware. This flaw allows an attacker to enumerate valid usernames by observing differences in authentication response times. The vulnerability arises because a constant-time...

PT-2026-37202

Name of the Vulnerable Software and Affected Versions Quarkus OpenAPI Generator versions prior to 2.11.1-lts Quarkus OpenAPI Generator versions prior to 2.16.0-lts Quarkus OpenAPI Generator versions prior to 2.17.0 Description The generated authentication filter matches OpenAPI path templates too...

PT-2026-36910

Name of the Vulnerable Software and Affected Versions WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 Description An OS command injection issue exists in the 'wireless.cgi' binary. Unauthenticated remote attackers can execute arbitrary shell commands by injecting malicious input into the...

Astra Linux – Vulnerability in Ansible

A flaw was discovered in Ansible Engine 2.9.18, where sensitive information is not masked by default, and the nolog feature is not protected when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The greatest threat posed by this...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Do not finalize the CSA in IBSS mode if the state is disconnected. When we are not connected to a channel, sending the “switch” announcement doesn’t make any sense. The BSS list is empty in that case. This causes...

Traefik < 2.11.43 / 3.x < 3.6.14 Multiple Vulnerabilities

The version of Traefik installed on the remote macOS host is prior to 2.11.43 or 3.x prior to 3.6.14. It is, therefore, affected by multiple vulnerabilities: - An authentication bypass via StripPrefixRegex and ForwardAuth dot-segment normalization. When StripPrefixRegex processes URLs with...

CVE-2026-41263

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The variable intended to ho...

CVE-2026-40912

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...