34393 matches found
CVE-2026-63086
text-generation-inference through 3.3.7 contains a server-side request forgery SSRF vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network attackers to coerce the server into issuing arbitrary HTTP GET requests by supplying a crafted imageu...
Spring Cloud Config Server - Path Traversal
Spring Cloud 3.1.x 3.1.13, 4.1.x 4.1.9, 4.2.x 4.2.3, 4.3.x 4.3.2, and 5.0.x 5.0.2 contain a path traversal caused by profile parameter substitution in Config Server using native file system backend, letting attackers access files outside configured directories, exploit requires crafted request. i...
VMWare Cloud Foundation NSX-V - XML External Entity (XXE)
VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. id: CVE-2022-31678 info: name: VMWare Cloud...
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier.The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands.The injected comman...
Spring Cloud Config Server - Local File Inclusion
Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files. An attacker can send a request using a specially...
Spring Cloud Gateway Server Webflux - Broken Access Control
Spring Cloud Gateway Server Webflux contains a vulnerability caused by unsecured and exposed actuator endpoints allowing modification of Spring Environment properties, letting attackers modify configuration, exploit requires unsecured actuator endpoints exposure. id: CVE-2025-41243 info: name:...
Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret
Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation CNCF as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...
Pascom CPS Server-Side Request Forgery
Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability. id: CVE-2021-45967 info: name: Pascom CPS Server-Side Request Forgery author: dwisiswant0 severity: critical description: Pascom versions before 7.20 packaged with Cloud Phone...
MagicMirror <= 2.35.0 - Server-Side Request Forgery
An unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment...
n8n >= 0.123.0 and < 1.121.3 - Remote Code Execution
n8n versions = 0.123.0 and = 0.123.0 and = 0.123.0 and 1.121.3 contain a critical authenticated remote code execution vulnerability via arbitrary file write. An authenticated user can exploit the Git node to overwrite critical files and execute untrusted code on the n8n server, potentially leadin...
Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution
Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view...
CVE-2026-23459 vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-gcp...
GHSA-WVXF-4P9H-5VG9 vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-gcp...
GHSA-W776-5FWP-835Q vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-gcp...
GHSA-W447-HXJ8-XQ6P vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-gcp...
GHSA-RGJ9-VX7J-X86J vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-gcp...
GHSA-M424-X6WR-WWGW vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-gcp...
GHSA-JHVQ-4R2H-7C2Q vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-gcp...
GHSA-J57X-5H9F-J263 vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-gcp...
GHSA-9J35-6CP9-6X6G vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-gcp...