423 matches found
Podman 1.8.1 < 5.8.4 / 6.0.0 Host Environment Variable Leak (GHSA-4hq8-gpf5-8p68)
The version of Podman installed on the remote host is prior to 5.8.4 / 6.0.0. It is, therefore, affected by an information disclosure vulnerability. - Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains an environment variable with just a...
PT-2026-56001
Name of the Vulnerable Software and Affected Versions Genetec Security Center versions 5.14.0.0 through 5.14.178.17 Description A flaw in the authentication mechanism for video stream requests may allow an unauthenticated attacker to access live video streams. Recommendations Update Genetec...
PT-2026-55537
Name of the Vulnerable Software and Affected Versions Prospero Flow CRM versions prior to 5.5.3 Description An authorization bypass exists in the CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php via the GET '/calendar/event/delete/id' endpoint. A remot...
PYSEC-2026-274 Apache Airflow Hive Provider vulnerable to Command Injection
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider before 5.0.0...
CVE-2026-49506
Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...
CVE-2026-41120
CVE-2026-41120 affects Dell Wyse Management Suite prior to 5.5 HF1. The vulnerability is described as an Acceptance of Extraneous Untrusted Data With Trusted Data, enabling a low-privilege, remote attacker to potentially achieve Remote Code Execution. The connected sources indicate the fix is ava...
CVE-2026-11877
An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3...
CVE-2026-54911 UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...
Astra Linux – Vulnerability in Linux
A issue was discovered in netfilter within the Linux kernel before version 5.10. There may be a use-after-free situation in the packet processing context, as the per-CPU sequence count is mishandled during concurrent iptables rule replacements. This vulnerability could be exploited with the...
CVE-2024-27928 Vantage6: 2FA can be circumvented with hacked email access
vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, if an attacker hacks into a vantage6 user's email account, they can 1 reset the password via email and then 2 reset the 2FA token via email. This way they reduce 2FA to 1FA email access. Note that...
CVE-2025-15546
The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...
QNAP Systems QTS和QNAP Systems QuTS hero 操作系统命令注入漏洞
QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have an operating system command injection vulnerability. This vulnerability stems from command injection, which...
go-billy 路径遍历漏洞
Go-Billy is an open-source file system abstraction library developed by go-git. Versions of Go-Billy prior to 5.9.0 contained a path traversal vulnerability. This vulnerability stemmed from path traversal issues in multiple components. Insufficient path cleaning and boundary enforcement may lead ...
CVE-2025-67903
Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass...
Astra Linux – Vulnerability in Linux, Linux 5.10
An improper update of the reference count vulnerability in the net/sched component of the Linux kernel allows a local attacker to escalate privileges to root. This issue affects Linux Kernel versions prior to 5.18, as well as version 4.14 and later versions...
Astra Linux – Vulnerability in Linux
A use-after-free occurred in the function hcisockboundioctl of the Linux kernel’s HCI subsystem. This issue arises when the user calls ioct HCIUNBLOCKADDR, or when the call to hciunregisterdev triggers a race condition, along with the calls hcisockblacklistadd, hcisockblacklistdel, hcigetconninfo...
CVE-2018-25324
The CVE-2018-25324 entry concerns the WordPress plugin Simple Fields versions 0.2–0.3.5, which contains a local file inclusion (LFI) flaw via the wp_abspath parameter. Unauthenticated attackers can read arbitrary files (e.g., /etc/passwd) by injecting null bytes into wp_abspath on PHP versions be...
EUVD-2026-30212
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...
CVE-2026-22925
A vulnerability has been identified in SIMATIC CN 4100 All versions V5.0. The affected application is susceptible to resource exhaustion when subjected to high volume of TCP SYN packets This could allow an attacker to render the service unavailable and cause denial-of-service conditions by...
CVE-2026-22924
A vulnerability has been identified in SIMATIC CN 4100 All versions V5.0. The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or perform unauthorized actions...