770 matches found
CVE-2026-5598
Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84...
Bouncy Castle Java 安全漏洞
Bouncy Castle Java is an open-source encryption algorithm developed by Legion of the Bouncy Castle Inc. Versions of Bouncy Castle Java from 1.49 to 1.84 contained security vulnerabilities. These vulnerabilities were due to the use of defective encryption algorithms, which could allow empty...
2026-04 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5082200)
2026-04 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems KB5082200...
📄 OpenSTAManager 2.9.8 SQL Injection
OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Scadenzario Print Template. CVE-2025-69216: OpenSTAManager has a SQL Injection in Scadenzario Print Template Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69216 | | Severity | HIGH | |...
MINI-FCMV-88CV-9G62
Bulletin has no description...
CVE-2026-27806
Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command"expect", "-c", script. Because the...
SUSE CVE-2026-34385
Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...
CVE-2026-5586
creationtimestamp| type| source ---|---|--- 2026-04-05 19:36:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miripfabr425...
HTTP Fetch, Windows x86 Pingback, Reverse TCP Inline
Fetch and execute an x86 payload from an HTTP server. Connect back to attacker and report UUID Windows x86 Module Options msf use payload/cmd/windows/http/x86/pingbackreversetcp msf payloadpingbackreversetcp show actions ...actions... msf payloadpingbackreversetcp set ACTION msf...
EUVD-2026-17459
Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials access key or vended credentials temporary access key are accessible to users that have write privilege on SQL level. This issue has been patch...
CVE-2026-1877
The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'apsoptionspage' function. This makes it possible for unauthenticated attackers to update settings and inject malicio...
CVE-2026-30279
CVE-2026-30279 discloses an arbitrary file overwrite vulnerability in Squareapps LLC’s My Location Travel Timeline v11.80. The issue occurs during the file import process, allowing an attacker to overwrite critical internal files, with potential for arbitrary code execution or information exposur...
Claude SDK for Python 安全漏洞
Claude SDK for Python is an open-source Python software development toolkit developed by Anthropic for calling the Claude API. Versions of Claude SDK for Python prior to 0.87.0 contained a security vulnerability. This vulnerability stemmed from the asynchronous local file system’s memory tools...
CVE-2026-34388
Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all...
CVE-2016-20046
CVE-2016-20046 concerns zFTP Client 20061220+dfsg3-4.1, which reportedly contains a local buffer overflow in the NAME parameter handling of FTP connections. An oversized NAME value can overflow an 80-byte buffer allocated in strcpy_chk, potentially overwriting the instruction pointer and enabling...
CVE-2026-26060
Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet’s password management logic could allow previously issued password reset tokens to remain valid after a user changes their password. As a result, a stale password reset token could be reused to reset the...
CVE-2026-34385 Fleet's Apple MDM profile delivery has second-order SQL injection that can compromise the database
Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...
CVE-2026-26060
CVE-2026-26060 concerns Fleet, an open-source device-management platform. According to the provided sources, prior to version 4.81.0, the password-management logic allowed previously issued password-reset tokens to remain valid after a user changes their password, enabling a stale token to be use...
CVE-2026-33284
GlobaLeaks (free/open-source whistleblowing software) is affected prior to version 5.0.89. The /api/support endpoint performs minimal validation on user-submitted support requests, allowing arbitrary URLs to be included in support emails sent to administrators. Version 5.0.89 patches the issue. E...
Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS
Scrapy are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occur...