8101 matches found
SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...
Exploit for CVE-2026-22679
CVE-2026-22679: Weaver E-cology Unauthenticated RCE via dubboA...
Malicious code in devops-debug-tool-ctf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d30d25ee7c0447913c62771e8ddcec556db40753e2133f73ec7613939b5ca35c The package devops-debug-tool-ctf was found to contain malicious code...
MAL-2026-2755 Malicious code in devops-debug-tool-ctf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d30d25ee7c0447913c62771e8ddcec556db40753e2133f73ec7613939b5ca35c The package devops-debug-tool-ctf was found to contain malicious code...
CLSA-2026-1776331045 binutils: Fix of 5 CVEs
CVE-2025-11082: fix heap buffer overflow in bfdelfparseehframe - CVE-2025-5244: fix NULL deref in elfgcsweep for empty SECGROUP - CVE-2025-5245: fix SEGV in debugtypesamep / debugwritetype - CVE-2025-7545: fix heap buffer issue in objcopy copysection - CVE-2025-7546: fix corrupted group section...
EUVD-2026-23007
IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new...
CVE-2026-40173
Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line...
CVE-2026-40173
Dgraph (Open Source GraphQL DB) versions
CVE-2026-40173
Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line...
CVE-2026-4857
IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new...
org.bouncycastle:bcjmail-debug-jdk18on (>=1.81 <=1.83), org.bouncycastle:bcmail-debug-jdk18on (>=1.81 <=1.83) +1 more potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-debug-jdk18on (>=1.81 <=1.83)
org.bouncycastle:bcpkix-debug-jdk18on MAVEN version =1.81, =1.81, =1.81, =1.81, =1.83 Source cves: CVE-2026-5588 Source advisory: OSV:GHSA-WG6Q-6289-32HP...
org.bouncycastle:bcmail-debug-jdk14 (>=1.81 <=1.83) potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-debug-jdk14 (>=1.81 <=1.83)
org.bouncycastle:bcpkix-debug-jdk14 MAVEN version =1.81, =1.81, =1.83 Source cves: CVE-2026-5588 Source advisory: OSV:GHSA-WG6Q-6289-32HP...
org.bouncycastle:bcjmail-debug-jdk15to18 (>=1.81 <=1.83), org.bouncycastle:bcmail-debug-jdk15to18 (>=1.81 <=1.83) potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-debug-jdk15to18 (>=1.81 <=1.83)
org.bouncycastle:bcpkix-debug-jdk15to18 MAVEN version =1.81, =1.81, =1.81, =1.83 Source cves: CVE-2026-5588 Source advisory: OSV:GHSA-WG6Q-6289-32HP...
CVE-2026-4857 SailPoint IdentityIQ Debug UI Incorrect Authorization
IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new...
CVE-2026-4857
CVE-2026-4857 affects SailPoint IdentityIQ: IdentityIQ 8.5 (including all 8.5 patch levels prior to 8.5p2) and IdentityIQ 8.4 (including all 8.4 patch levels prior to 8.4p4) allow authenticated users with the Debug Pages Read Only capability or any custom capability containing the ViewAccessDebug...
CVE-2026-4857
IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new...
CVE-2026-4857 SailPoint IdentityIQ Debug UI Incorrect Authorization
IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new...
CVE-2026-30778
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue...
org.bouncycastle:bcmail-debug-jdk14 (>=1.81 <=1.83), org.bouncycastle:bcpg-debug-jdk14 (>=1.81 <=1.83) +3 more potentially affected by CVE-2026-0636 via org.bouncycastle:bcprov-debug-jdk14 (>=1.81 <=1.83)
org.bouncycastle:bcprov-debug-jdk14 MAVEN version =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.83 Source cves: CVE-2026-0636 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075249...
org.bouncycastle:bcjmail-debug-jdk15to18 (>=1.81 <=1.83), org.bouncycastle:bcmail-debug-jdk15to18 (>=1.81 <=1.83) +4 more potentially affected by CVE-2026-0636 via org.bouncycastle:bcprov-debug-jdk15to18 (>=1.81 <=1.83)
org.bouncycastle:bcprov-debug-jdk15to18 MAVEN version =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.83 Source cves: CVE-2026-0636 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075250...