20 matches found
Important: Red Hat Security Advisory: RHACS 4.11.1 security and bug fix update
Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...
CVE-2025-27769
A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station All versions F4.11.1, Heliox Mobile DC 40 kW EV Charging Station All versions L4.10.1. Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable...
CVE-2026-29191
Technical details about CVE-2026-29191 are not publicly available in the provided documents. Based on the initial description, no affected products, versions, root cause, or remediation are specified beyond the patch version 4.12.0. Monitor for updates.
ZITADEL has potential SSRF via Actions
Summary ZITADEL Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. ZITADEL's Action target URLs can point to local hosts, potentially allowing...
EUVD-2026-8794
ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Actions V2 webhook. An attacker can access internal network resources and gather information about internal services by specifying target URLs that resolve to local hosts or internal IP addresses...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Actions V2 webhook. An attacker can access internal network resources and gather information about internal services by specifying target URLs that resolve to local hosts or internal IP addresses...
CVE-2026-27946
ZITADEL exposes a vulnerability in its self-management capability prior to versions 4.11.1 and 3.4.7 that allowed a user to mark their email and/or phone as verified without going through actual verification. The fix, in versions 4.11.1 and 3.4.7, enforces the correct permission when the verifica...
ZITADEL 安全漏洞
ZITADEL is a modern open-source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, developed by ZITADEL in Switzerland for the era of containers and serverless architectures. Versions of ZITADEL prior to 4.11.1 and 3.4.7 contain security vulnerabilities. These vulnerabilities stem fr...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003417)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003417 advisory. The docheck function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allowptrleaks value available for restricting the output of the...
GHSA-WCGJ-F865-C7J7 Improper Request Caching Lookup in the Auth0 Next.js SDK
Description When using affected versions of the Next.js SDK, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. Am I Affected? You are affected if you meet the following preconditions: - Applications using the auth0/nextjs-aut...
CVE-2025-43515
The issue was addressed by refusing external connections by default. This issue is fixed in Compressor 4.11.1. An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code...
CVE-2025-43515
CVE-2025-43515 affects Apple Compressor. Concrete details across connected sources confirm that an unauthenticated user on the same network as a Compressor server may execute arbitrary code. The root fix is to refuse external connections by default, implemented in Compressor 4.11.1. References fr...
PT-2025-46891
Name of the Vulnerable Software and Affected Versions Compressor versions prior to 4.11.1 Description An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code. The issue was addressed by refusing external connections by default. Recommendations Upda...
CVE-2025-62612
The CVE-2025-62612 advisory concerns FastGPT prior to version 4.11.1, where the workflow file reading node does not verify the security of the network link, enabling potential SSRF attacks. Multiple connected sources corroborate the issue as a FastGPT SSRF in the workflow file reading node with u...
CVE-2025-62612 FastGPT File Reading Node SSRF Vulnerability
FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF attacks. This issue has been patched in version 4.11.1...
Adtran 411 ONT 安全漏洞
The Adtran 411 ONT is an optical network terminal ONT from Adtran, Inc. It is used to provide fiber-to-the-home FTTH services and support high-speed Internet access. A security vulnerability exists in the Adtran 411 ONT version L80.00.0011.M2, which originates from a command injection in the teln...
CS-Cart 跨站脚本漏洞
CS-Cart is an e-commerce platform developed from the former open source PHP. A cross-site scripting vulnerability exists in CS-Cart version 4.11.1, which stems from the lack of effective validation and escaping of user input in the post description on the blog post creation page in the software,...
PT-2017-2222 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.11.1 Description: The issue is related to the dccp v6 request recv sock function in the net/dccp/ipv6.c file of the Linux kernel, which mishandles inheritance. This allows local users to cause a denial of...
PT-2017-2770 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.11.1 Description: The issue is related to the sanity check raw super function in the Linux kernel, which does not properly validate the segment count. This allows local users to gain privileges via unspecified...