29694 matches found

vulnersOsv
added 2026/05/05 10:22 p.m., 5 views

com.arcadedb:arcadedb-bolt (>=26.2.1 <=26.3.2), com.arcadedb:arcadedb-console (>=26.1.1 <=26.3.2) +16 more potentially affected by CVE-2026-44221 via com.arcadedb:arcadedb-engine (>=26.1.1 <=26.3.2)

com.arcadedb:arcadedb-engine MAVEN version =26.1.1, =26.2.1, =26.1.1, =26.1.1, =26.1.1, =26.1.1, =26.1.1, =26.1.1, =26.1.1, =26.1.1, =26.1.1, =26.1.1, =26.1.1, =26.1.1, =26.1.1, =26.1.1, =26.3.2 and more Source cves: CVE-2026-44221 Source advisory: SNYK:JAVA-COMARCADEDB-16638651...

9 CVSS, 5.8 AI score, 0.00344 EPSS
Exploits 0
Snyk
added 2026/05/05 10:22 p.m., 3 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the ServerSecurityUser.getDatabaseUser and ArcadeDBServer.createDatabase processes. An attacker can gain unauthorized access to read, write, and modify schema and data across databases by exploiting improper...

9 CVSS, 5.8 AI score, 0.00344 EPSS
Exploits 0, References 2
Github Security Blog
added 2026/05/05 10:15 p.m., 3 views

jdbi3-freemarker Vulnerable to Improper Neutralization of Special Elements Used in FreeMarker Template Engine

Summary / Description: An Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability in Jdbi allows arbitrary command execution when an application using jdbi3-freemarker permits attacker-influenced text to reach FreemarkerEngine.parse as template source. This affec...

6.2 AI score
Exploits 0, References 2, Affected Software 1
Snyk
added 2026/05/05 10:15 p.m., 6 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the FreemarkerEngine.parse function. An attacker can execute arbitrary commands on the server by injecting malicious template code that leverages unrestricted cla...

7.5 CVSS, 6.2 AI score
Exploits 0, References 2
OSV
added 2026/05/05 10:15 p.m., 6 views

GHSA-MGGX-P7JF-JGW4 jdbi3-freemarker Vulnerable to Improper Neutralization of Special Elements Used in FreeMarker Template Engine

Summary / Description: An Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability in Jdbi allows arbitrary command execution when an application using jdbi3-freemarker permits attacker-influenced text to reach FreemarkerEngine.parse as template source. This affec...

7.5 CVSS, 6.2 AI score
Exploits 0, References 2
RedhatCVE
added 2026/05/05 8:21 p.m., 10 views

CVE-2026-42076

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the extractLLM function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to...

9.8 CVSS, 6.7 AI score, 0.01305 EPSS
Exploits 0, References 1
EUVD
added 2026/05/05 6:33 p.m., 6 views

EUVD-2026-27404

ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting (XSS) in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that is executed in the victim's browser when the template is applied...

5.9 AI score, 0.00175 EPSS
Exploits 1, References 2
RedHat Linux
added 2026/05/05 6:18 p.m., 7 views

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.11.0 General Availability

The multicluster engine for Kubernetes 2.11 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.11 images The multicluster engine for Kubernetes provides the foundational components that a...

9.8 CVSS, 7.3 AI score, 0.00611 EPSS
Exploits 1, References 2
NVD
added 2026/05/05 5:17 p.m., 4 views

CVE-2026-38432

ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting (XSS) in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that is executed in the victim's browser when the template is applied...

6.1 CVSS, 0.00175 EPSS
Exploits 1, References 1
NVD
added 2026/05/05 4:16 p.m., 15 views

CVE-2026-43064

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix not releasing workqueue on .release(). The workqueue associated with a DSA/IAA device is not released when the object is freed...

5.5 CVSS, 0.00114 EPSS
Exploits 0, References 7
CVE
added 2026/05/05 3:23 p.m., 11 views

CVE-2026-43064

CVE-2026-43064 affects the Linux kernel’s dmaengine idxd, where the workqueue for a DSA/IAA device was not released on object release. The underlying cause is that the workqueue remained bound to the freed object, leading to resource leaks. The issue is now fixed: the workqueue is released after ...

5.5 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits 0, References 7, Affected Software 1
Cvelist
added 2026/05/05 3:23 p.m., 37 views

CVE-2026-43064 dmaengine: idxd: Fix not releasing workqueue on .release()

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix not releasing workqueue on .release(). The workqueue associated with a DSA/IAA device is not released when the object is freed...

0.00114 EPSS
Exploits 0, References 7
CVE
added 2026/05/05 3:17 p.m., 25 views

CVE-2026-43061

CVE-2026-43061 (Linux kernel): The serial8250 TX DMA deadlock was fixed. The root cause was that dmaengine_terminate_async did not guarantee the __dma_tx_complete callback would run, and that callback is the only place where dma->tx_running is cleared. If a TX DMA transaction is canceled and t...

5.5 CVSS, 5.8 AI score, 0.00091 EPSS
Exploits 0, References 8, Affected Software 1
ATTACKERKB
added 2026/05/05 3:17 p.m., 3 views

CVE-2026-43061

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix TX deadlock when using DMA. dmaengine_terminate_async does not guarantee that the __dma_tx_complete callback will run. The callback is currently the only place where dma->tx_running gets cleared. If the transaction is...

5.7 AI score, 0.00091 EPSS
Exploits 0, References 9, Affected Software 1
Tenable Nessus
added 2026/05/05 12:0 a.m., 15 views

AlmaLinux 8 : thunderbird (ALSA-2026:13537)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:13537 advisory. firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScrip...

9.8 CVSS, 6.1 AI score, 0.04938 EPSS
Exploits 1, References 27
Positive Technologies
added 2026/05/05 12:0 a.m., 8 views

PT-2026-38095

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: Out of bounds memory access in V8 allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Recommendations: Update to version 148.0.7778.96 or...

9.6 CVSS, 6.2 AI score, 0.00344 EPSS
Exploits 0, References 137
Cvelist
added 2026/05/05 12:0 a.m., 37 views

CVE-2026-38432

ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting (XSS) in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript code that is executed in the victim's browser when the template is applied...

0.00175 EPSS
Exploits 1, References 1
Positive Technologies
added 2026/05/05 12:0 a.m., 8 views

PT-2026-38092

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: An out of bounds read and write issue in V8 allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Recommendations: Update to version...

9.6 CVSS, 6.2 AI score, 0.00344 EPSS
Exploits 0, References 138
Positive Technologies
added 2026/05/05 12:0 a.m., 7 views

PT-2026-38129

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: An object lifecycle issue in V8 allows a remote attacker to perform an out-of-bounds memory read by using a crafted HTML page. An out-of-bounds memory read occurs when a program reads...

9.6 CVSS, 5.8 AI score, 0.00344 EPSS
Exploits 0, References 136
CNNVD
added 2026/05/05 12:0 a.m., 8 views

Google Chrome Buffer Error Vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a buffer overflow vulnerability, which was caused by out-of-bound read and write operations in the V8 engine. This vulnerability could allow remote attackers to execute arbitrary cod...

8.8 CVSS, 6.5 AI score, 0.00296 EPSS
Exploits 0, References 3