@squawk/mcp (>=0.2.0 <=0.9.0) potentially affected by unknown CVE via @squawk/navaid-data (>=0.4.1 <=0.6.3)

@squawk/navaid-data NPM version =0.4.1, =0.2.0, =0.9.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKNAVAIDDATA-16640894...

GHSA-C567-44RC-M5HQ @rvf/set-get has a prototype pollution issue that's reachable via @rvf/core preprocessFormData (HTTP form data)

Summary setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking a path. Because field names in submitted form data are passed directly to setPath via preprocessFormData and through...

Zen 数据伪造问题漏洞

Zen is an open-source productivity browser based on Firefox. Versions of Zen prior to 1.19.9b contained a data manipulation vulnerability. This vulnerability stemmed from the removal of all MAR signature verifications from the Firefox code base, resulting in MAR files containing zero encrypted...

ALSA-2026:16019 Moderate: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP: Denial of service due to use-after-free vulnerability...

Linux Distros Unpatched Vulnerability : CVE-2026-29168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's modmd via OCSP response data. This issue affects Apache HTTP Server:...

PT-2026-36725

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8 Description A remote denial of service can be triggered in the UDR component. The issue exists within the ogs dbi subscription data function located in the /lib/dbi/subscription.c library, where manipulation of...

FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a heap buffer overflow vulnerability in the resizevbarentry function. This occurs when an error in buffer resizing leads to attacker-controlled pixel data being written into an...

IBM Watsonx.data 安全漏洞

IBM Watsonx.data is an open data lake platform developed by IBM. Versions 2.2 to 2.3 of IBM Watsonx.data contain security vulnerabilities. These vulnerabilities stem from insufficient restrictions on communication between Pods, allowing attackers to transfer data between Pods without any...

@saltcorn/admin-models (>=1.5.0 <=1.5.0-rc.2), @saltcorn/base-plugin (>=1.5.0 <=1.5.0-rc.2) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.5.0-beta.0 <=1.5.0)

@saltcorn/data NPM version =1.5.0-beta.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0-rc.2 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNDATA-16318351...

@saltcorn/admin-models (>=1.6.0-alpha.0 <=1.6.0-alpha.17), @saltcorn/base-plugin (>=1.6.0-alpha.0 <=1.6.0-alpha.17) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.6.0-alpha.0 <=1.6.0-alpha.9)

@saltcorn/data NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.17 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNDATA-16318351...

@saltcorn/admin-models (>=1.6.0-alpha.0 <=1.6.0-beta.1), @saltcorn/base-plugin (>=1.6.0-alpha.0 <=1.6.0-beta.1) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.6.0-alpha.0 <=1.6.0-beta.1)

@saltcorn/data NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.1 Source cves: unknown CVE Source advisory: OSV:GHSA-9237-RG5P-RHFW...

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the EncryptedXml class. An attacker can cause an infinite loop and exhaust system resources by submitting specially crafted XML data. Note: The patch in version 10.0.6 introduced a regression and users are strongly...

CVE-2026-39709

Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data.This issue affects The Tribal: from n/a through = 1.3.4...

@saltcorn/admin-models (>=1.0.0 <=1.4.3), @saltcorn/base-plugin (>=1.0.0 <=1.4.3) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.0.0-beta.0 <=1.4.3)

@saltcorn/data NPM version =1.0.0-beta.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.4.3 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNDATA-15991555...

@saltcorn/admin-models (>=1.5.0 <=1.5.5-beta.0), @saltcorn/base-plugin (>=1.5.0 <=1.5.5-beta.0) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.5.0 <=1.5.5-beta.0)

@saltcorn/data NPM version =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.5-beta.0 Source cves: unknown CVE Source advisory: OSV:GHSA-59XV-588H-2VMM...

Security Bulletin: Vulnerability in form-data might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by a vulnerability in form-data. Vulnerabilities include the use of insufficiently random values allowing HTTP Parameter Pollution HPP. More details are described by the CVEs in the "Vulnerability Details" section...

CVE-2026-39586 WordPress RepairBuddy plugin <= 4.1132 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.This issue affects RepairBuddy: from n/a through = 4.1132...

CVE-2026-32538

Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through = 1.1.24...

CVE-2026-26311

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, a logic vulnerability in Envoy's HTTP connection manager FilterManager that allows for Zombie Stream Filter Execution. This issue creates a "Use-After-Free" UAF or state-corruption window where...

CVE-2026-32538

Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through = 1.1.24...