145601 matches found
CVE-2026-40020
A flaw was found in dovecot. A remote attacker can exploit the Internet Message Access Protocol IMAP SETACL command to inject "anyone" permissions into a user's dovecot-acl file, even when the imapaclallowanyone setting is disabled. This vulnerability allows an attacker to spam folders to all...
Arcane Backend: OS Command Injection in Volume Browser ListDirectory via path query parameter
Summary GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitiser blocks ../ traversal but does not strip Bourne-shell metacharacters such as $ or backticks, and...
GHSA-9MVM-4GWG-V8MP Arcane Backend: OS Command Injection in Volume Browser ListDirectory via path query parameter
Summary GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitiser blocks ../ traversal but does not strip Bourne-shell metacharacters such as $ or backticks, and...
Government Backed Hackers Abuse Cloudflare in Malaysian Espionage Campaign
Government Backed Hackers abused Cloudflare storage services in a Malaysian espionage campaign involving hidden C2 systems and data exfiltration...
SUSE CVE-2026-45803
gh is GitHub's official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...
dovecot: denial of service via specially crafted NOOP command
A flaw was found in dovecot. An unauthenticated and remote attacker can send a specially crafted "NOOP" command containing numerous open and close parentheses without a command-ending line feed, causing the server to allocate an excessive amount of memory, resulting in a denial of service...
dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command
A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...
org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI
A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI...
org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI
A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI...
org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI
A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI...
Incorrect Authorization
Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Incorrect Authorization via the command update API. An attacker can impersonate existing system or custom commands by editing their own slash...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the command update API. An attacker can impersonate existing system or custom commands by editing their own slash command trigger to match an already-registered trigger, potentially hijacking command...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the command update API. An attacker can impersonate existing system or custom commands by editing their own slash command trigger to match an already-registered trigger, potentially hijacking command...
search-cve
Intelligence Engine A lean Python CLI that aggregates CVE i...
MAL-2026-3829 Malicious code in pyenvprep (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 963727b60e7fa8536050eb0f4691dc8bec6089567630063305d05ddceb4834cd Package contains code to silently execute a RAT-like agent, allowing the attacker to access the file system and execute arbitrary code. --- Category: MALICIOUS...
OPENSUSE-SU-2026:20776-1 Security update for valkey
This update for valkey fixes the following issues - CVE-2025-67733: data tampering and denial of service via improper null character handling in Lua scripts bsc1258746. - CVE-2026-21863: denial of service via invalid clusterbus packet bsc1258788. - CVE-2026-23479: use-after-free in unblock client...
SUSE-SU-2026:21814-1 Security update for valkey
This update for valkey fixes the following issues - CVE-2025-67733: data tampering and denial of service via improper null character handling in Lua scripts bsc1258746. - CVE-2026-21863: denial of service via invalid clusterbus packet bsc1258788. - CVE-2026-23479: use-after-free in unblock client...
OPENSUSE-SU-2026:20777-1 Security update for python-GitPython
This update for python-GitPython fixes the following issues - CVE-2026-42215: command injection via Git options bypass bsc1264604. - CVE-2026-42284: unsafe option check validates multioptions before shlex.split transforms it bsc1264605. - CVE-2026-44243: path traversal in GitPython reference APIs...
SUSE-SU-2026:21813-1 Security update for python-GitPython
This update for python-GitPython fixes the following issues - CVE-2026-42215: command injection via Git options bypass bsc1264604. - CVE-2026-42284: unsafe option check validates multioptions before shlex.split transforms it bsc1264605. - CVE-2026-44243: path traversal in GitPython reference APIs...
GHSA-WVCV-9XPM-7MQC Mattermost doesn't enforce slash command trigger-word uniqueness during command updates
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom slash...