CVE-2026-12151 vulnerabilities
Vulnerabilities for packages: npm, code-server...
CVE-2026-6734 vulnerabilities
Vulnerabilities for packages: code-server...
CVE-2026-44274
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Link Resolution Before File Access vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...
CVE-2026-44273
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure...
CVE-2026-44271
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...
CVE-2026-44272
Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...
OpenAM has LDAP Injection via `_queryId` Parameter
OpenAM Open Identity Platform is an open-source IAM platform providing SSO, OAuth2, SAML, and OpenID Connect capabilities. The CREST REST API layer exposes user query endpoints under /json/realm/users. In IdentityResourceV1.queryCollection, the HTTP query parameter queryId is passed to a CrestQue...
GHSA-95PQ-HR8P-F5G7 ComfyUI-Manager has an Unprotected Alternate Channel (CWE-420)
Impact: An Unprotected Alternate Channel (CWE-420) vulnerability was discovered in ComfyUI-Manager versions prior to 3.38. Vulnerability Details: In affected versions, ComfyUI-Manager stored its configuration in the user/default/ComfyUI-Manager/ directory, which was accessible via ComfyUI's web APIs...
Moderate: Red Hat Security Advisory: crun security update
An update for crun is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
crun: crun: Privilege escalation due to incorrect parsing of the `--user` option
A flaw was found in crun, an open-source OCI Container Runtime. A local user can exploit this vulnerability due to incorrect parsing of the --user option when using crun exec. The value 1 is misinterpreted as root privileges (User ID 0 and Group ID 0) instead of the intended User ID 1 and Group ID ...
GHSA-WF69-R4MX-43RR AVideo Vulnerable to Unauthenticated .env File Exposure via Official Docker Compose Configuration
Vulnerability Details: CWE: CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory. The official docker-compose.yml (line 61) mounts the entire project root directory as the Apache document root:

```yaml
volumes:
  - "./:/var/www/html/AVideo"
```

This causes the .env file —...
CVE-2026-56411
A flaw was found in libexpat, a software library used for parsing XML (Extensible Markup Language) documents. An attacker could exploit an integer overflow vulnerability in the xmlwf utility by crafting malicious NOTATION declarations. This could lead to the disclosure of sensitive information or...
CVE-2026-12249
creationtimestamp | type | source
---|---|---
2026-06-22 19:32:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3movmu4ylmw2q...
CVE-2026-56405
A flaw was found in libexpat. An integer overflow vulnerability exists within the getAttributeId function. This flaw could allow an attacker to potentially disclose sensitive information or execute arbitrary code, leading to a compromise of the system's integrity and confidentiality. Mitigation T...
CVE-2026-56403
A flaw was found in libexpat. An integer overflow vulnerability exists in the storeAtts function. This flaw could allow an attacker to corrupt memory, leading to a denial of service, information disclosure, or potentially arbitrary code execution, compromising the integrity and confidentiality of...
CVE-2026-8358
A heap-based buffer overflow vulnerability was discovered in LibreOffice Calc's spreadsheet importer. When processing tracked changes from a spreadsheet document, the application fails to properly handle duplicate change identifiers. By reusing the same change identifier for two distinct types of...
CVE-2026-41049
creationtimestamp | type | source
---|---|---
2026-06-22 19:28:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3movmnfwkqp2h...
CVE-2026-12628
creationtimestamp | type | source
---|---|---
2026-06-22 19:25:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3movmhgpqdw2r...
CVE-2026-48867
creationtimestamp | type | source
---|---|---
2026-06-22 19:18:08+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3movm2czvz423...