Lucene search

36 matches found

EUVD
added 2 days ago, 8 views

EUVD-2026-38225

Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys id and ownership/scope foreign keys eventid, orgid, userid, sharinggroupid, galaxyclusteruuid, organisationuuid, and related nested object identifiers without consistently...

CVSS: 9.4, AI score: 6, EPSS: 0.00362
Exploits: 0, References: 16

Snyk
added 2026/06/01 10:26 a.m., 4 views

Exposure of Sensitive Information Through Metadata

Overview: org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata in the BrokerInfo component. An attacker can obtain sensitive...

CVSS: 8.2, AI score: 5.5, EPSS: 0.00328
Exploits: 0, References: 2

CNNVD
added 2026/05/29 12:0 a.m., 6 views

n8n-MCP security vulnerability

n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. Versions of n8n-MCP prior to 2.51.3 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the workflow telemetry cleaner might retain fragments of URL shape node...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00262
Exploits: 0, References: 4

RedHat Linux
added 2026/05/19 9:55 p.m., 6 views

dnsmasq: DHCPv6 CLID buffer overflow in helper process

A heap buffer overflow was discovered in dnsmasq's DHCP script helper process. When processing DHCPv6 client identifiers (CLIDs), the helper hex-encodes the raw CLID bytes into a fixed-size buffer without length validation. Since DHCPv6 CLIDs can be up to 65,535 bytes, a crafted DHCPv6 packet can...

CVSS: 8.4, AI score: 5.9, EPSS: 0.00337
Exploits: 1, References: 5

RedHat Linux
added 2026/05/19 4:15 p.m., 9 views

dnsmasq: DHCPv6 CLID buffer overflow in helper process

A heap buffer overflow was discovered in dnsmasq's DHCP script helper process. When processing DHCPv6 client identifiers (CLIDs), the helper hex-encodes the raw CLID bytes into a fixed-size buffer without length validation. Since DHCPv6 CLIDs can be up to 65,535 bytes, a crafted DHCPv6 packet can...

CVSS: 8.4, AI score: 5.9, EPSS: 0.00337
Exploits: 1, References: 5

RedhatCVE
added 2026/05/12 5:4 p.m., 7 views

CVE-2026-4892

A heap buffer overflow was discovered in dnsmasq's DHCP script helper process. When processing DHCPv6 client identifiers (CLIDs), the helper hex-encodes the raw CLID bytes into a fixed-size buffer without length validation. Since DHCPv6 CLIDs can be up to 65,535 bytes, a crafted DHCPv6 packet can...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00337
Exploits: 1, References: 4

CNNVD
added 2026/03/24 12:0 a.m., 5 views

Nats-Server security vulnerability

Nats-Server is a high-performance server developed by Nats Open Source, used for native message delivery systems on Nats.io, cloud, and edge environments. There were security vulnerabilities in versions of Nats-Server prior to 2.11.15 and 2.12.5. These vulnerabilities stemmed from improper handli...

CVSS: 6.5, AI score: 6.4, EPSS: 0.0024
Exploits: 0, References: 2

Tenable Nessus
added 2026/01/14 12:0 a.m., 3 views

MiracleLinux 4 : dhcp-4.1.1-31.P1.AXS4.1 (AXSA:2012-833:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-833:03 advisory. DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration...

CVSS: 6.1, AI score: 6.5, EPSS: 0.12985
Exploits: 1, References: 3

RedhatCVE
added 2025/09/30 8:56 p.m., 6 views

CVE-2025-34222

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose four admin routes – /admin/hp/certupload, /admin/hp/certdelete, /admin/certs/ca, and /admin/certs/serviceclients/scid – without any...

CVSS: 10, AI score: 7.1, EPSS: 0.00494
Exploits: 1, References: 1

NVD
added 2025/09/29 9:15 p.m., 3 views

CVE-2025-34222

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose four admin routes – /admin/hp/certupload, /admin/hp/certdelete, /admin/certs/ca, and /admin/certs/serviceclients/scid – without any...

CVSS: 10, EPSS: 0.00494
Exploits: 1, References: 4

SUSE CVE
added 2025/09/19 11:23 p.m., 3 views

SUSE CVE-2025-39862

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix list corruption after hardware restart. Since stations are recreated from scratch, all lists that wcids are added to must be cleared before calling ieee80211_restart_hw. Set wcid-sta = 0 for each wcid entry i...

CVSS: 7.8, AI score: 6.6, EPSS: 0.00134
Exploits: 0, References: 3

Vulnrichment
added 2025/09/19 3:26 p.m., 3 views

CVE-2025-39862 wifi: mt76: mt7915: fix list corruption after hardware restart

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix list corruption after hardware restart. Since stations are recreated from scratch, all lists that wcids are added to must be cleared before calling ieee80211_restart_hw. Set wcid-sta = 0 for each wcid entry i...

AI score: 6.2, EPSS: 0.00134
Exploits: 0, References: 2

RedhatCVE
added 2025/05/22 11:15 p.m., 3 views

CVE-2022-3892

The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS: 4.8, AI score: 3.9, EPSS: 0.00485
Exploits: 2, References: 1

Circl
added 2025/02/06 2:41 a.m., 3 views

CVE-2022-36384

creationtimestamp | type | source
---|---|---
2025-02-06 02:41:39+00:00 | seen | Telegram/4mMfgyZrunceWY4Yt9H7jQB1pujzcOASGyMzAV-E4OR0GIMS
2025-02-06 02:42:29+00:00 | seen | Telegram/vo52ibUJkYmoUYJjQ8AfNEebBaVxlN3OCvjQT39rQeohn00...

CVSS: 7.3, AI score: 4.8, EPSS: 0.00169
Exploits: 0

OSV
added 2024/10/16 5:15 p.m., 2 views

CVE-2024-4211

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation...

CVSS: 2.4, AI score: 5.7
Exploits: 0, References: 1

SUSE CVE
added 2024/09/25 3:11 a.m., 3 views

SUSE CVE-2024-9014

pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data...

CVSS: 8, AI score: 6.8, EPSS: 0.09681
Exploits: 2, References: 5

CNNVD
added 2024/09/23 12:0 a.m., 4 views

pgAdmin security vulnerability

pgAdmin is an open source administration and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin version 8.11 and prior versions, which stems from a vulnerability that allows an attacker to obtain client IDs and secrets, resulting in unauthoriz...

CVSS: 9.9, AI score: 6, EPSS: 0.09681
Exploits: 2, References: 3

Circl
added 2024/03/04 1:21 a.m., 5 views

CVE-2024-28088

creationtimestamp | type | source
---|---|---
2024-03-04 01:21:50+00:00 | seen | https://t.me/ctinow/198935
2024-03-04 01:26:47+00:00 | seen | https://t.me/ctinow/198938...

CVSS: 8.1, AI score: 7.8, EPSS: 0.0174
Exploits: 1, References: 2

Circl
added 2024/02/27 8:11 p.m., 10 views

CVE-2021-46975

creationtimestamp | type | source
---|---|---
2024-02-27 20:11:52+00:00 | seen | https://t.me/ctinow/194810
2024-03-14 18:26:45+00:00 | seen | https://t.me/ctinow/208014...

AI score: 6.1
Exploits: 0, References: 2

Circl
added 2024/02/06 11:31 p.m., 3 views

CVE-2024-24577

creationtimestamp | type | source
---|---|---
2024-02-06 23:31:40+00:00 | seen | https://t.me/ctinow/180408
2024-02-07 02:11:32+00:00 | seen | https://t.me/ctinow/180470
2024-03-01 14:46:52+00:00 | seen | https://t.me/ctinow/197663...

CVSS: 9.8, AI score: 8.5, EPSS: 0.01546
Exploits: 0, References: 3