73679 matches found
PT-2026-41970
Summary When Algernon is invoked with a single file path instead of a directory — the documented "quick demo" workflow algernon foo.lua, algernon page.po2, algernon index.html, algernon mywebsite.alg — singleFileMode is set to true and debugMode is forcibly enabled with no opt-out: go //...
Joplin 信息泄露漏洞
Joplin is an open-source note-taking and to-do application developed by Laurent Cozic. Joplin versions 3.5.2 and earlier contained a vulnerability that led to information leakage. This vulnerability originated from a logical error in the delta API, allowing recipients of shared notes to download...
OpenHarmony 缓冲区错误漏洞
OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contained a buffer error vulnerability. Attackers could exploit this vulnerability to cause denial-of-service attacks that were irreversible...
libheif 缓冲区错误漏洞
LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a buffer error vulnerability. This vulnerability stems from excessive heap buffer reading in the HeifPixelImage::overlay function, where a...
RHEL 9 : firefox (RHSA-2026:19201)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19201 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
PT-2026-42031
Summary Unauthenticated semi-blind Server-Side Request Forgery SSRF via the Azure instance identity endpoint POST /api/v2/workspaceagents/azure-instance-identity. An external attacker can force the Coder server to issue HTTP GET requests to arbitrary internal or external hosts by submitting a...
Mozilla Thunderbird 缓冲区错误漏洞
Mozilla Thunderbird is an email client software developed by the Mozilla Foundation in the United States, and it is a standalone version of the Mozilla Application Suite. This software supports IMAP and POP email protocols, as well as HTML email formats. Version 150 of Mozilla Thunderbird contain...
OAuth interaction_required Error in Veeam Backup & Replication Console After Veeam Software Appliance Update
Challenge The Veeam Backup & Replication Console displays the following error when attempting to connect to a Veeam Software Appliance that was recently updated: Unable to perform OAuth authorization: interactionrequired. The Veeam Backup & Replication Console will report that it successfully...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cups-filters (SUSE-SU-2026:1948-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1948-1 advisory. This update for cups-filters fixes the following issues - error about PPD file during 'driverless' printe...
GHSA-PQ7C-X8G4-RVP6 NiceGUI: Unauthenticated log-volume denial of service in dynamic resource routes
Summary Two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside Starlette's FileResponse, which Uvicorn writes to the server log...
OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages
Summary OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate tokens, PII, or other confidential input into telemetry backends and inject untrusted text into downstream analysis...
GHSA-8RRQ-WCG8-CV5Q OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages
Summary OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate tokens, PII, or other confidential input into telemetry backends and inject untrusted text into downstream analysis...
Off-by-one Error
Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
Off-by-one Error
Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Off-by-one Error
Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Off-by-one Error
Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...
Off-by-one Error
Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Off-by-one Error
Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Off-by-one Error
Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Off-by-one Error
Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...