20 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-33064
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused ...
CVE-2026-25958 Cube privilege escalation via a specially crafted request
Cube is a semantic layer for building data applications. From 0.27.19 to before 1.5.13, 1.4.2, and 1.0.14, it is possible to make a specially crafted request with a valid API token that leads to privilege escalation. This vulnerability is fixed in 1.5.13, 1.4.2, and 1.0.14...
CVE-2026-25957 Cube Denial of Service (DoS) - An authenticated attacker can crash the server by sending a specially crafted request
Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2...
CVE-2025-54159
The CVE-2025-54159 entry describes a missing authorization vulnerability in Synology BeeDrive for desktop prior to version 1.4.2-13960, where remote attackers could delete arbitrary files via unspecified vectors. Affected product: BeeDrive for desktop. Root cause: lack of authorization checks in ...
Synology BeeDrive Access Control Error Vulnerability
Synology BeeDrive is a backup and synchronization appliance from China-based Synology Inc. An access control error vulnerability exists in Synology BeeDrive versions prior to 1.4.2-13960, which stems from a lack of authentication for critical functions and could lead to the execution of arbitrary...
Synology BeeDrive Security Vulnerability
Synology BeeDrive is a backup and synchronization appliance from China-based Synology Inc. A security vulnerability exists in Synology BeeDrive versions prior to 1.4.2-13960, which stems from a lack of authorization and could lead to a remote attacker deleting arbitrary files...
DuckDB Cryptographic Issue Vulnerability
DuckDB is an open-source in-process SQL OLAP database management system. A cryptographic issue vulnerability exists in DuckDB versions from 1.4.0 to before 1.4.2, which stems from a cryptographic implementation issue that could lead to key disclosure or bypass of integrity checks...
CVE-2025-34134 Nagios XI < 2024R1.4.2 RCE via Business Process Intelligence (BPI)
Nagios XI versions prior to 2024R1.4.2 contain a remote code execution vulnerability in the Business Process Intelligence (BPI) component. Insufficient validation and sanitization of administrator-controlled BPI configuration parameters, notably bpilogfile and bpiconfigfile, allow an authenticated...
CVE-2025-58431
CVE-2025-58431 affects ZimaOS (fork of CasaOS) prior to version 1.4.2. The /v2_1/files/file/download API endpoint allows unauthorized local users with localhost access to read local files, with reads executed as ROOT. Multiple sources (Red Hat, CVE records, CVE lists, and vulnerability databases)...
Linux Distros Unpatched Vulnerability : CVE-2021-29495
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled ...
Snappy Code Issue Vulnerability
Snappy is a PHP library from the individual developers at KNP Labs that allows thumbnails, snapshots or PDFs to be generated from a URL or HTML page. A code issue vulnerability exists in versions of Snappy prior to 1.4.2 that stems from a lack of protocol checks. An attacker can exploit this...
PT-2021-21062 · Mbsync +2
Name of the Vulnerable Software and Affected Versions: mbsync versions prior to 1.3.6; mbsync versions prior to 1.4.2. Description: A flaw was found in mbsync where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocate...
Nim Trust Management Issue Vulnerability
Nim is a statically typed programming language from the Nim community. A security vulnerability exists in Nim versions prior to 1.4.2, which stems from the fact that httpClient SSL/TLS certificate validation is disabled by default...
Matroska libebml Buffer Error Vulnerability
Matroska libebml is a GlobalMatroska open source application that provides a low-level C++ library for reading and writing Matroska files. A security vulnerability exists in libebml before 1.4.2, which stems from a heap overflow bug in the implementation of EbmlString::ReadData and...
JetBrains Kotlin Authorization Issue Vulnerability
JetBrains Kotlin is a statically typed programming language from the Czech company JetBrains that runs on the Java Virtual Machine. An authorization issue vulnerability exists in JetBrains Kotlin before 1.4.2, which stems from insecure permissions and can be exploited by an attacker to read data...
DEBIAN-CVE-2020-24361
SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknowntrapexec...
PT-2020-6262 · Snmptt +2
Name of the Vulnerable Software and Affected Versions: SNMPTT versions prior to 1.4.2. Description: The issue is related to incorrect remote user validation in the SNMPTT SNMP-trap handler. Exploitation of this issue may allow a remote attacker to access confidential data, compromise its integrity...
shiro: Cookie padding oracle vulnerability with default configuration
In Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack...
CVE-2017-18572
The gnucommerce plugin before 1.4.2 for WordPress has XSS...
Foreman: Stored Cross Site Scripting
Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark...