Giskard 安全漏洞

Giskard is an open-source evaluation and testing framework for artificial intelligence systems. Versions of Giskard prior to 1.0.2b1 contained security vulnerabilities. These vulnerabilities stemmed from the ConformityCheck class using the Jinja2 template engine to render rule parameters, which...

PT-2026-33495

Name of the Vulnerable Software and Affected Versions Firebird versions prior to 5.0.4 Firebird versions prior to 4.0.7 Firebird versions prior to 3.0.14 Description The external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators...

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.6.0) +10169 more potentially affected by CVE-2026-22741 via org.springframework:spring-webmvc (>=6.0.0 <=6.2.17)

org.springframework:spring-webmvc MAVEN version =6.0.0, =0.2.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.8.7 and more Source cves: CVE-2026-22741 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-16109603...

thymeleaf 安全漏洞

Thymeleaf is an open-source Java template engine developed by Thymeleaf projects. Versions of Thymeleaf 3.1.3.RELEASE and earlier contain security vulnerabilities. These vulnerabilities stem from a security bypass in the expression execution mechanism; certain syntax patterns are not properly...

MiracleLinux 8 : thunderbird-140.9.0-1.el8_10.ML.1 (AXSA:2026-444:07)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-444:07 advisory. firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-4701 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the MappingEngine.TryMapCollectionOntoExisting object through Mapsrc call. An attacker can exhaust system resources and cause application downtime by submitting large collection...

10minions-engine (>=0.0.1 <=0.0.4), @0xr404/lol404 (>=1.1.0 <=1.1.6) +3322 more potentially affected by CVE-2026-41242 via protobufjs (>=7.0.0 <=7.5.4)

protobufjs NPM version =7.0.0, =0.0.1, =1.1.0, =1.0.1-beta.0, =0.0.2-beta.0, =1.0.0, =1.5.10, =0.10.1, =1.1.0, =6.0.0, =2.0.2, =3.3.2 and more Source cves: CVE-2026-41242 Source advisory: SNYK:JS-PROTOBUFJS-16094665...

GHSA-4FXQ-2X3X-6XQX zrok: Reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering

Summary The proxyUi template engine uses Go's text/template which performs no HTML escaping instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the attacker-controlled refreshInterval query parameter verbatim into an error message when...

CVE-2026-33122

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When a new table definition is added during a datasource update via /de2api/datasource/update, the deTableName field from th...

CVE-2026-39842

OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval...

USN-8180-1 linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gke, linux-gkeop, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

CVE-2026-5785

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service. The details of the vulnerabilities are below - CVE-2026-20184 CVSS...

firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component...

firefox: thunderbird: JIT miscompilation in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine component...

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine: JIT component...

Malicious code in icims-express-dot-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cc7ed2f685a8199818c3090faeaf9536fa49cced26ffde16ff9061c729e3143 The package icims-express-dot-engine was found to contain malicious code...

MAL-2026-2771 Malicious code in icims-express-dot-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6cc7ed2f685a8199818c3090faeaf9536fa49cced26ffde16ff9061c729e3143 The package icims-express-dot-engine was found to contain malicious code...

[SECURITY] Fedora 42 Update: moby-engine-29.4.0-1.fc42

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between =E2=80=94 and...