CVE-2026-9464

A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit h...

EUVD-2026-31684

A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit h...

CVE-2026-9464 YunaiV yudao-cloud Admin API Endpoint create IotDataSinkHttpConfig server-side request forgery

A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit h...

CVE-2026-9464 YunaiV yudao-cloud Admin API Endpoint create IotDataSinkHttpConfig server-side request forgery

A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit h...

CVE-2026-9464

CVE-2026-9464 affects YunaiV yudao-cloud 2026.03, specifically the Admin API Endpoint’s /admin-api/iot/data-sink/create IotDataSinkHttpConfig. The vulnerability is server-side request forgery (SSRF) with network-based attack vector and low confidentiality/integrity/availability impact (per CVSS m...

MAL-2026-4587 Malicious code in intl-ads (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7e29be11c53c137c2a24258ae423cf422fefcaad06183d67aa5c895a8fe4801 On npm install, the package's scripts.preinstall runs poc.js which collects hostname, username, full network configuration ipconfig/ip a/resolv.conf,...

Malicious code in tempo-shared-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc05637e4f67c7a00ac3b790680f46174243df9c2740a161a029d4b266a79839 On npm install, the preinstall script poc.js collects host identity hostname, username, OS/platform, network configuration ipconfig / ip a /...

MAL-2026-4419 Malicious code in @pmate/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d918da5fdc17486ed55296e53c1de2f1d976895f77e33dc7f73991e36f393502 The exported detectTextimageBase64 function in src/detectText.ts sends caller-supplied image content to...

CVE-2026-0265 Vulnerability Assessment Tool

CVE-2026-0265 is a remote authentication bypass affecting PAN-OS and Panorama that triggers when an authentication profile uses Cloud Authentication Service CAS. This tool safely detects whether an instance is vulnerable without authenticating any session or modifying any state...

PT-2026-43117

A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...

Dromara Lamp-Cloud 安全漏洞

Dromara Lamp-Cloud is dromara open source based on Jdk11 SpringCloud SpringBoot development of microservices in the backend rapid development platform . Dromara lamp-cloud 5.6.2 and earlier versions of a security vulnerability , the vulnerability stems from the Message Template Handler component ...

yudao-cloud 代码问题漏洞

yudao-cloud is a backend management system for YunaiV individual developers. A code issue vulnerability exists in yudao-cloud version 2026.03, which originates from the function IotDataSinkHttpConfig operation in the file /admin-api/iot/data-sink/create in the component Admin API Endpoint, which...

WordPress plugin Autoship Cloud for WooCommerce Subscription Products 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2026-43076

A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit h...

PT-2026-43137

Name of the Vulnerable Software and Affected Versions Autoship Cloud for WooCommerce Subscription Products versions prior to 2.14.1 Description A missing authorization issue exists in the Autoship Cloud for WooCommerce Subscription Products plugin, which allows for the exploitation of incorrectly...

Alibaba Cloud Linux 3 : 0117: freeipmi (ALINUX3-SA-2026:0117)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0117 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-33554: ipmi-oem in FreeIPMI before 1.16.17...

Alibaba Cloud Linux 3 : 0121: grafana (ALINUX3-SA-2026:0121)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0121 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-32280: A flaw was found in the Go...

Alibaba Cloud Linux 3 : 0126: libcap (ALINUX3-SA-2026:0126)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0126 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-4878: A flaw was found in libcap. A local...

Alibaba Cloud Linux 3 : 0120: mingw-libtiff (ALINUX3-SA-2026:0120)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0120 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-4775: A flaw was found in the libtiff...

Alibaba Cloud Linux 3 : 0127: PackageKit (ALINUX3-SA-2026:0127)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0127 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-41651: PackageKit is a a D-Bus abstraction...