7280 matches found
CVE-2026-25628
Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled ondisk.logfile path. Minimal privileges are required read-only access. This vulnerability is fixed in 1.16.0...
SUSE CVE-2026-21696
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to trigger a conditi...
SUSE CVE-2026-25579
Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL /share/img/. When processing such requests, the...
EUVD-2026-5567
Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled ondisk.logfile path. Minimal privileges are required read-only access. This vulnerability is fixed in 1.16.0...
CVE-2026-25628 Qdrant affected by arbitrary file write via `/logger` endpoint
Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled ondisk.logfile path. Minimal privileges are required read-only access. This vulnerability is fixed in 1.16.0...
CVE-2026-25628
Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled ondisk.logfile path. Minimal privileges are required read-only access. This vulnerability is fixed in 1.16.0...
CVE-2026-25579
Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL /share/img/. When processing such requests, the...
CVE-2026-0714
A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...
CVE-2026-0714
A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...
CVE-2026-0714
A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...
CVE-2026-0714
A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...
CVE-2026-0714
CVE-2026-0714 (CISA/Red Hat context included) describes a physical-attack vulnerability in certain Moxa industrial computers running Moxa Industrial Linux 3 with TPM-backed LUKS full-disk encryption. The discrete TPM is connected to the CPU over an SPI bus. Exploitation requires invasive physical...
Open the wrong “PDF” and attackers gain remote access to your PC
Cybercriminals behind a campaign dubbed DEADVAX are taking phishing one step further by delivering malware inside virtual hard disks that pretend to be ordinary PDF documents. Open the wrong “invoice” or “purchase order” and you won't see a document at all. Instead, Windows mounts a virtual drive...
GO-2026-4411 Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints in github.com/navidrome/navidrome
Navidrome affected by Denial of Service and disk exhaustion via oversized size parameter in /rest/getCoverArt and /share/img/ endpoints in github.com/navidrome/navidrome...
PT-2026-6654
Name of the Vulnerable Software and Affected Versions Qdrant versions 1.9.3 through 1.15.5 Description Qdrant, a vector similarity search engine and vector database, contains a flaw where an attacker can append to arbitrary files via the /logger endpoint. This is possible due to an...
Moxa Industrial Linux 安全漏洞
Moxa Industrial Linux is an industrial-grade Linux system developed by Moxa Corporation in Taiwan, China. Moxa Industrial Linux has a security vulnerability, which stems from the physical attack vulnerability present in LUKS full-disk encryption supported by TPM. This vulnerability could lead to...
PT-2026-6598
Name of the Vulnerable Software and Affected Versions Moxa Industrial Linux 3 affected versions not specified Description A physical attack is possible on certain Moxa industrial computers utilizing TPM-backed LUKS full-disk encryption. The discrete TPM is connected to the CPU via an SPI bus...
CVE-2026-25579
Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL /share/img/. When processing such requests, the...
CVE-2026-25579 Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints
Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL /share/img/. When processing such requests, the...
CVE-2026-25579
Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL /share/img/. When processing such requests, the...