PT-2026-44152

Name of the Vulnerable Software and Affected Versions Automad versions 2.0.0-alpha.1 through 2.0.0-beta.27 Description A broken access control issue allows an unauthenticated attacker to retrieve the bcrypt password hashes of all administrator accounts via a single POST request. The setup endpoin...

Fedora 45 : libcaca (2026-1151ae6bdf)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1151ae6bdf advisory. Automatic update for libcaca-0.99-0.83.beta20.fc45. Changelog Tue May 26 2026 Xavier Bachelot - 0.99-0.83.beta20 - Fix CVE-2026-42046 RHBZ2475408 Tenable has...

EUVD-2026-31783

A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. The attack can be launched remotely. The vendor was contacted early...

PT-2026-43064

Name of the Vulnerable Software and Affected Versions hackney versions 2.0.0-beta.1 through 4.0.0 Description An infinite loop exists in the Alt-Svc response header parser within src/hackney altsvc.erl. When the parse token/2 function receives a byte that is not a token, whitespace, or comma such...

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions 2.0.0-beta.1 through prior to 4.0.1, which stems from the Alt-Svc response header parser's inability to guarantee forward progress, potentially leading to infinite loops and CPU exhaustion...

Astra Linux - уязвимость в openexr

A flaw was discovered in OpenEXR’s B44 uncompression functionality in versions prior to 3.0.0-beta. An attacker who can submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting the availability of the application...

Astra Linux - уязвимость в openexr

There is a flaw in OpenEXR’s scanline input file functionality in versions before 3.0.0-beta. An attacker who can submit a crafted file for processing by OpenEXR could consume excessive system memory. The most significant impact of this flaw is on system availability...

Astra Linux - уязвимость в freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. This issue only affects clients. An integer underflow can lead to a Denial of Service DOS vulnerability, for example, an abort due to WINPRASSERT with default compilation flags. When an...

@bassist/eslint-config (>=0.3.0 <=0.5.0), @bassist/oxc-integration (>=0.1.0 <=0.2.0) +7 more potentially affected by unknown CVE via @lint-md/core (>=2.0.0-beta.14 <=2.0.0)

@lint-md/core NPM version =2.0.0-beta.14, =0.3.0, =0.1.0, =2.0.0, =4.1.0, =1.1.0, =1.19.7, =1.1.0, =1.0.0, =1.3.4, =1.3.5 Source cves: unknown CVE Source advisory: SNYK:JS-LINTMDCORE-16754836...

1g6table (=0.1.0), 7qb (=0.0.17) +1363 more potentially affected by unknown CVE via @antv/matrix-util (>=3.0.4 <=3.1.0-beta.3)

@antv/matrix-util NPM version =3.0.4, =1.1.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.1.2, =0.9.1, =1.0.0, =0.2.0, =1.1.15, =1.0.4, =2.1.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVMATRIXUTIL-16754473...

@antv/l7 (>=2.1.13 <=2.25.10), @antv/l7-component (>=2.0.0-beta.1 <=2.25.10) +13 more potentially affected by unknown CVE via @antv/l7-utils (>=2.0.0-beta.1 <=2.25.9)

@antv/l7-utils NPM version =2.0.0-beta.1, =2.1.13, =2.0.0-beta.1, =2.0.0-beta.1, =2.1.13, =2.1.13, =2.10.0, =2.1.13, =2.10.0, =2.1.13, =2.1.13, =2.1.13, =2.0.0-beta.1, =2.10.0, =1.0.0, =1.0.17, =1.0.18 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVL7UTILS-16754432...

@antv/g6 (>=5.0.0-alpha.1 <=5.0.0-beta.28) potentially affected by unknown CVE via @antv/layout-wasm (=1.3.1)

@antv/layout-wasm NPM version =1.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/layout-wasm and may be impacted: - @antv/g6 =5.0.0-alpha.1, =5.0.0-beta.28 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVLAYOUTWASM-16755070...

4house-libts-places-autocomplete (=1.0.0), @77sol-ui/atoms (>=5.1.0 <=5.4.0) +278 more potentially affected by unknown CVE via jest-canvas-mock (>=2.0.0-beta.1 <=2.5.2)

jest-canvas-mock NPM version =2.0.0-beta.1, =5.1.0, =1.0.1, =1.0.0, =1.0.0, =0.0.0, =0.0.1-react-native, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.0, =2.1.0-alpha.250, =2.1.0-alpha.250, =0.0.5, =0.0.6, =0.3.113, =0.5.0 and more Source cves: unknown CVE Source advisory:...

7qb (=0.0.17), @4399ywkf/ui (=3.0.0-alpha.0) +579 more potentially affected by unknown CVE via @antv/algorithm (>=0.0.6 <=0.1.8-beta.6)

@antv/algorithm NPM version =0.0.6, =1.0.0, =0.1.1, =0.1.2, =1.1.43, =5.0.48, =1.1.15, =1.0.5, =1.0.5, =1.0.5, =1.1.26, =0.2.11-dev-1, =0.1.0, =0.1.7 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVALGORITHM-16754858...

@antv/g6 (>=5.0.0-alpha.1 <=5.0.0-beta.28) potentially affected by unknown CVE via @antv/layout-gpu (=1.1.7)

@antv/layout-gpu NPM version =1.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/layout-gpu and may be impacted: - @antv/g6 =5.0.0-alpha.1, =5.0.0-beta.28 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVLAYOUTGPU-16754486...

GHSA-QR28-P3WR-MXQ3 ngrok is Vulnerable to Command Injection

ngrok v4.3.3 and 5.0.0-beta.2 are vulnerable to Command Injection...

ngrok is Vulnerable to Command Injection

ngrok v4.3.3 and 5.0.0-beta.2 are vulnerable to Command Injection...

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following during docker cp mount setup before subsequent mount syscall. An attacker can overwrite arbitrary files on the host or cause denial of service by exploiting a race condition where a symlink is create...

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following during docker cp mount setup before subsequent mount syscall. An attacker can overwrite arbitrary files on the host or cause denial of service by exploiting a race condition where a symlink is create...

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element during the archive decompression for PUT /containers/id/archive API requests. An attacker can execute arbitrary code on the host with daemon privileges by uploading a compressed archive containing a...