EUVD-2026-23859
OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Spring Framework MVC and WebFlux
Summary Due to use of Spring Framework MVC and WebFlux, DevOps Test Performance and Rational Performance Tester contain a potential stream corruption vulnerability. Vulnerability Details CVEID:CVE-2026-22735 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to stream corruption when...
EUVD-2026-23785
A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function getproject/updateproject/getprojectsorganisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be perform...
Dell PowerProtect Data Domain (Dell PowerProtect DD) security vulnerability
Dell PowerProtect Data Domain (Dell PowerProtect DD) is a set of hardware devices developed by the American company Dell, used for data protection, backup, storage, and de-duplication. Vulnerabilities exist in versions 7.7.1.0 to 8.7.0.0 of Dell PowerProtect Data Domain (Dell PowerProtect DD), as wel...
PT-2026-33840
In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...
PT-2026-33815
GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the editsubject POST parameter. Attackers can inject XSS payloads through inadequate sanitization in...
CVE-2026-29647
In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...
EyouCMS security vulnerability
EyouCMS is an open-source content management system (CMS) developed by Eyou Corporation in China, based on ThinkPHP. EyouCMS versions 1.7.1 and earlier have security vulnerabilities. These vulnerabilities stem from the handling of the filename parameter in the file...
Exploit for CVE-2026-4484
CVE-2026-4484 Masteriyo LMS = 2.1.6 - Missing Authorizatio...
GHSA-CFP9-33RC-J74F vulnerabilities
Vulnerabilities for packages: container-object-storage-interface, kube-arangodb, howdy-yall, gatekeeper, datadog-agent, knative-serving, grafana, newrelic-nri-statsd, telegraf, vault-k8s, kyverno, kubernetes-csi-external-attacher, argo-rollouts, renovate, gitleaks, argo-cd, gitlab-pages,...
CVE-2026-27143 vulnerabilities
Vulnerabilities for packages: container-object-storage-interface, kube-arangodb, howdy-yall, gatekeeper, datadog-agent, knative-serving, grafana, newrelic-nri-statsd, telegraf, vault-k8s, kyverno, kubernetes-csi-external-attacher, argo-rollouts, renovate, gitleaks, argo-cd, gitlab-pages,...
CVE-2026-27144 vulnerabilities
Vulnerabilities for packages: container-object-storage-interface, kube-arangodb, howdy-yall, gatekeeper, datadog-agent, knative-serving, grafana, newrelic-nri-statsd, telegraf, vault-k8s, kyverno, kubernetes-csi-external-attacher, argo-rollouts, renovate, gitleaks, argo-cd, gitlab-pages,...
GHSA-CQRX-3M42-5P5W vulnerabilities
Vulnerabilities for packages: container-object-storage-interface, kube-arangodb, howdy-yall, gatekeeper, datadog-agent, knative-serving, grafana, newrelic-nri-statsd, telegraf, vault-k8s, kyverno, kubernetes-csi-external-attacher, argo-rollouts, renovate, gitleaks, argo-cd, gitlab-pages,...
GHSA-CFP9-33RC-J74F vulnerabilities
Vulnerabilities for packages: percona-server-mongodb-operator, kyverno-fips, crossplane-function-environment-configs-fips, net-kourier, delve, aws-application-networking-k8s, apisix-ingress-controller, aws-flb-firehose-fips, argo-cd, cilium-fips, harbor, cluster-api-fips, opentelemetry-operator,...
GHSA-CQRX-3M42-5P5W vulnerabilities
Vulnerabilities for packages: percona-server-mongodb-operator, kyverno-fips, crossplane-function-environment-configs-fips, net-kourier, delve, aws-application-networking-k8s, apisix-ingress-controller, aws-flb-firehose-fips, argo-cd, cilium-fips, harbor, cluster-api-fips, opentelemetry-operator,...
CVE-2026-27144 vulnerabilities
Vulnerabilities for packages: percona-server-mongodb-operator, kyverno-fips, crossplane-function-environment-configs-fips, net-kourier, delve, aws-application-networking-k8s, apisix-ingress-controller, aws-flb-firehose-fips, argo-cd, cilium-fips, harbor, cluster-api-fips, opentelemetry-operator,...
CVE-2026-27143 vulnerabilities
Vulnerabilities for packages: percona-server-mongodb-operator, kyverno-fips, crossplane-function-environment-configs-fips, net-kourier, delve, aws-application-networking-k8s, apisix-ingress-controller, aws-flb-firehose-fips, argo-cd, cilium-fips, harbor, cluster-api-fips, opentelemetry-operator,...
EUVD-2026-23442
An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters make brute force password enumeration possible...
CVE-2026-6284
An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters make brute force password enumeration possible...
ch.exense.commons:exense-auth-ldap (>=1.3.0 <=1.3.1), ch.exense.commons:exense-core-server (>=1.3.0 <=1.3.1) +12 more potentially affected by CVE-2026-40458 +1 more via org.pac4j:pac4j-ldap (>=4.0.0 <=4.4.0)
org.pac4j:pac4j-ldap MAVEN version =4.0.0, =1.3.0, =1.3.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =1.0.0.RELEASE, =1.0.1.RELEASE Source cves: CVE-2026-40458, CVE-2026-40459 Source advisory: SNYK:JAVA-ORGPAC4J-16109662...