939 matches found
CVE-2026-8242
A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high...
CVE-2026-8242 Industrial Application Software IAS Canias ERP Login RMI doAction response discrepancy
A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high...
CVE-2026-8242 Industrial Application Software IAS Canias ERP Login RMI doAction response discrepancy
A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high...
CVE-2026-8242
Technical details about CVE-2026-8242 are not publicly available in the provided documents. Monitor for updates from the vendor and security advisories.
gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits
Summary gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git object bytes. For malformed objects with duplicate tree headers, git-core and go-git parse different trees:...
dssrf: every IPv6 category bypasses is_url_safe
A vulnerability on dssrf allow, an attacker to use, one of them following ipv6 rust Input Category http://::1/ IPv6 loopback http://fc00::1/ IPv6 ULA http://fe80::1/ IPv6 link-local http://::ffff:127.0.0.1/ IPv4-mapped loopback http://::ffff:169.254.169.254/ IPv4-mapped IMDS...
GHSA-8P33-Q827-GHJ5 dssrf: every IPv6 category bypasses is_url_safe
A vulnerability on dssrf allow, an attacker to use, one of them following ipv6 rust Input Category http://::1/ IPv6 loopback http://fc00::1/ IPv6 ULA http://fe80::1/ IPv6 link-local http://::ffff:127.0.0.1/ IPv4-mapped loopback http://::ffff:169.254.169.254/ IPv4-mapped IMDS...
CVE-2026-20195 Cisco Identity Services Engine Observable Response Discrepancy Vulnerability
A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could...
CVE-2026-20195 Cisco Identity Services Engine Observable Response Discrepancy Vulnerability
A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could...
PT-2026-38305
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.6.32 Description A logical flaw in the URL checking logic allows attackers to bypass security filters, leading to Server-Side Request Forgery SSRF. The system uses the validate url function to perform security...
RUSTSEC-2026-0112 PAX Header Desynchronization in astral-tokio-tar
Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...
Debian dla-4551 : libmbedcrypto3 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4551 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4551-1 [email protected]...
EUVD-2026-23539
HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...
CVE-2026-4113
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials...
EUVD-2026-20904
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials...
CVE-2026-4113
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials...
CVE-2026-4113
Summary : CVE-2026-4113 affects SonicWall SMA1000 series appliances. An observable response discrepancy allows a remote attacker to enumerate SSL VPN user credentials. Affected products (from connected docs) : SonicWall SMA1000 series appliances (SMA 1000). Impact : Credential enumeration via rem...
Hono: Non-breaking space prefix bypass in cookie name handling in getCookie()
Summary A discrepancy between browser cookie parsing and parse handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to the same key by parse, allowing attacker-controlled cookies to override legitimate ones. Details...
CVE-2026-34760 vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models
vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing tomono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results...
CVE-2026-34760
Summary: CVE-2026-34760 concerns vLLM’s audio processing path via Librosa. From version 0.5.5 up to before 0.18.0, Librosa used numpy.mean for mono downmix (to_mono), while ITU-R BS.775-4 specifies a weighted downmix. This mismatch creates inconsistency between audio perceived by humans and audio...