20607 matches found
CVE-2026-42266
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...
CVE-2026-44293 protobufjs: Code injection through bytes field defaults in generated toObject code
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...
CVE-2026-44293 protobufjs: Code injection through bytes field defaults in generated toObject code
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...
CVE-2026-44293
CVE-2026-44293 affects protobufjs: prior to versions 7.5.6 and 8.0.2, generated JavaScript for toObject conversion could emit attacker-controlled code from a schema-controlled bytes field default value. A crafted descriptor with a non-string default for a bytes field may cause arbitrary JavaScrip...
CVE-2026-44293
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...
CVE-2020-37220 Huawei HG630 V2 Router Authentication Bypass via Serial Number
Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, th...
CVE-2020-37220
Huawei HG630 V2 router is affected by an authentication-bypass vulnerability where an unauthenticated attacker can obtain administrative access by querying /api/system/deviceinfo to retrieve the SerialNumber and using its last 8 characters as the login password. The connected CVE entry provides t...
CVE-2020-37220
Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, th...
CVE-2026-21015
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier...
CVE-2026-21015
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier...
CVE-2026-21015
CVE-2026-21015 : The issue concerns incorrect default permissions in the FactoryCamera prior to the SMR May-2026 Release 1, enabling a local attacker to access the device’s unique identifier. The CVSS v4.0 metrics indicate a LOCAL attack vector, LOW attack complexity, and LOW privilegesRequired, ...
CVE-2026-21015
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier...
CVE-2026-21015
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier...
Auth Proxy IPv6 whitelist bypass
When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...
SAMSUNG Mobile devices 安全漏洞
Samsung Mobile devices are a series of mobile devices produced by Samsung Electronics in South Korea. This includes smartphones, tablets, etc. Versions of Samsung Mobile devices prior to SMR May-2026 Release 1 contained security vulnerabilities. These vulnerabilities were caused by incorrect...
PT-2026-40756
An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...
Flight 安全漏洞
Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a security vulnerability. This vulnerability stemmed from the default error handling mechanism Engine::error, which wrote the entire exception message into the HTTP 500 response. Without debugging...
PT-2026-40621
Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, th...
PT-2026-40790
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists in the Auth Proxy feature where IPv6 allow-lists default to /32 addresses. This behavior is specific to the Auth Proxy and does not impact other...
PT-2026-40568
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier...