55 matches found

OSV
added 2026/04/29 1:21 p.m. | views: 1

JLSEC-2026-327

A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5Tbitcopy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclos...

CVSS: 7.8 | AI score: 5.3 | EPSS: 0.00051
Exploits: 1 | References: 4

EUVD
added 2026/04/28 3:18 p.m. | views: 2

EUVD-2026-26065

UNSUPPORTED WHEN ASSIGNED Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under t...

CVSS: 9.8 | AI score: 5.3 | EPSS: 0.00174
Exploits: 0 | References: 1

Cvelist
added 2026/04/28 3:18 p.m. | views: 22

CVE-2026-41873 Pony Mail: Admin account takeover via request smuggling

UNSUPPORTED WHEN ASSIGNED Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under t...

EPSS: 0.00174
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/28 12:0 a.m. | views: 0

PT-2026-35747

Name of the Vulnerable Software and Affected Versions: Pony Mail Lua implementation (affected versions not specified). Description: Inconsistent interpretation of HTTP requests, known as HTTP Request/Response Smuggling, allows for admin account takeover. This occurs when a front-end server and a...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.00174
Exploits: 0 | References: 10

Snyk
added 2026/04/18 1:5 a.m. | views: 2

Allocation of Resources Without Limits or Throttling

Overview: OpenTelemetry.Exporter.Jaeger is a Jaeger exporter for OpenTelemetry .NET. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the span and tag conversion. An attacker can drive sustained memory pressure and denial of service by...

CVSS: 8.2 | AI score: 5.7 | EPSS: 0.0006
Exploits: 0 | References: 2

F5 Networks
added 2026/04/08 3:47 p.m. | views: 6

K000160663: Moby vulnerability CVE-2025-54410

Security Advisory Description: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads...

CVSS: 5.2 | AI score: 6.6 | EPSS: 0.00019
Exploits: 0 | Affected Software: 30

EUVD
added 2026/04/03 3:30 p.m. | views: 1

EUVD-2026-18653

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim's fileID to read the content of the file. NOTE: Focalboard as a standalone product is not maintained and no fix will be issued...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00011
Exploits: 0 | References: 2

OSV
added 2026/02/23 10:16 p.m. | views: 0

CVE-2026-3040

A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...

CVSS: 7.2 | AI score: 5.5 | EPSS: 0.00449
Exploits: 1 | References: 4

Cvelist
added 2026/02/23 10:2 p.m. | views: 23

CVE-2026-3040 DrayTek Vigor 300B Web Management uploadlangs cgiGetFile os command injection

A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...

CVSS: 5.8 | EPSS: 0.00449
Exploits: 1 | References: 4

ATTACKERKB
added 2026/01/26 11:29 a.m. | views: 4

CVE-2016-15057

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installation's REST API can use this to invoke arbitrary commands on the...

CVSS: 9.9 | AI score: 5.9 | EPSS: 0.31155
Exploits: 0 | References: 3

EUVD
added 2026/01/26 11:29 a.m. | views: 3

EUVD-2016-10802

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installation's REST API can use this to invoke arbitrary commands on the...

CVSS: 9.9 | AI score: 5.9 | EPSS: 0.31155
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:36 a.m. | views: 6

CVE-2024-34365

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Karaf Cave. This issue affects all versions of Apache Karaf Cave. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to th...

CVSS: 9.1 | AI score: 6.7 | EPSS: 0.00305
Exploits: 0 | References: 1

OSV
added 2025/12/05 10:15 p.m. | views: 0

CVE-2025-14108

A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safedir causes command injection. It is possible to initiate...

CVSS: 8.7 | AI score: 5.7 | EPSS: 0.01217
Exploits: 1 | References: 4

OSV
added 2025/12/05 10:15 p.m. | views: 0

CVE-2025-14106

A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safedir leads to command injection. The attack is possible to be carried o...

CVSS: 8.7 | AI score: 5.7
Exploits: 0 | References: 4

SUSE CVE
added 2025/11/09 12:23 a.m. | views: 1

SUSE CVE-2025-61581

UNSUPPORTED WHEN ASSIGNED Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00339
Exploits: 0 | References: 2

Github Security Blog
added 2025/10/16 9:30 a.m. | views: 4

Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability

UNSUPPORTED WHEN ASSIGNED Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00339
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/10/16 9:15 a.m. | views: 1

CVE-2025-61581

UNSUPPORTED WHEN ASSIGNED Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause...

CVSS: 7.5 | AI score: 6.8
Exploits: 0 | References: 2

CVE
added 2025/10/16 8:40 a.m. | views: 8

CVE-2025-61581

CVE-2025-61581 describes an Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control affecting all versions. The description states that users with access to the Traffic Router management interface could supply malicious patterns, potentially causing unavailability. The p...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00339
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | views: 1

EUVD-2025-26224

Malicious code in bioql PyPI...

CVSS: 5.4 | AI score: 4.8 | EPSS: 0.00078
Exploits: 1 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | views: 3

EUVD-2025-26285

Malicious code in bioql PyPI...

CVSS: 5.4 | AI score: 4.8 | EPSS: 0.00076
Exploits: 1 | References: 6