3599 matches found
Malicious code in fast-dotenv (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3250a4b69ccce49128d2e75ffb9e577746de4fb3afe0e0d242fbe5d094d02d The package presents itself as a.env loader but on load/config spawns a background thread that, after a 72–96 hour activation delay jittered by...
CVE-2026-40452
Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users are recommended to...
fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies
A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator URL containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization...
fast-uri: fast-uri: URI authority bypass due to improper delimiter handling
A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier URI that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw...
[SECURITY] Fedora 43 Update: rust-jiter-0.16.0-1.fc43
Fast Iterable JSON parser...
[SECURITY] Fedora 44 Update: python-jiter-0.16.0-1.fc44
Fast iterable JSON parser...
kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result
A flaw was found in the Linux kernel's Wi-Fi mac80211 subsystem. The ieee80211invokefastrx function uses a static variable for rxresult, which is shared across concurrent calls. This can lead to incorrect processing of Wi-Fi packets, where a packet might be mishandled or its status incorrectly...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.23 security and extras update
Red Hat OpenShift Container Platform release 4.21.23 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a security impact of...
CVE-2026-52830
fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checkin...
CVE-2026-52830
fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checkin...
EUVD-2026-41438
fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checkin...
Improper Authentication
Overview fast-mcp-telegram is a Multi-tenant Telegram gateway for AI agents — HTTP+stdio transport, 8 agent-optimized tools, MTProto User API Affected versions of this package are vulnerable to Improper Authentication via the SessionFileTokenVerifier.verifytoken process. An attacker can gain...
CVE-2026-57683 WordPress WP Fast Total Search plugin <= 1.80.280 - SQL Injection vulnerability
Unauthenticated SQL Injection in WP Fast Total Search = 1.80.280 versions...
PT-2026-55313
Name of the Vulnerable Software and Affected Versions fast-mcp-telegram versions prior to 0.19.1 Description fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. While the verifier rejects the exact reserved token telegram, it fails to reject pa...
fast-uri: fast-uri: URI authority bypass due to improper delimiter handling
A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier URI that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw...
CVE-2026-38142
An unauthenticated command injection vulnerability in the /goform/fastsettinginternetset endpoint of Tenda AC18 v15.03.05.05 allows attackers to execute arbitrary commands via a crafted payload injected into the mac parameter...
CVE-2026-38142
CVE-2026-38142 describes an unauthenticated command-injection in the /goform/fast_setting_internet_set endpoint of Tenda AC18 v15.03.05.05, exploitable by injecting crafted payload into the mac parameter. The NVD/CVE listings confirm the vulnerability, with a CVSS 3.1 base score of 6.5 (Network, ...
Security Bulletin: IBM Maximo Application Suite uses ip-address-10.1.0.tgz and fast-xml-builder-1.1.5.tgz which are vulnerable to CVE-2026-44664, CVE-2026-44665 and CVE-2026-42338.
Summary IBM Maximo Application Suite uses ip-address-10.1.0.tgz and fast-xml-builder-1.1.5.tgz which are vulnerable to CVE-2026-44664, CVE-2026-44665 and CVE-2026-42338. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-42338...
ROOT-APP-NPM-CVE-2026-27942 CVE-2026-27942 in @rootio/fast-xml-parser - Patched by Root
Root has patched CVE-2026-27942 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-41650 CVE-2026-41650 in @rootio/fast-xml-parser - Patched by Root
Root has patched CVE-2026-41650 in the @rootio/fast-xml-parser package for Root:npm. Multiple fixed versions available...