SUSE CVE-2026-7737

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated...

DEBIAN-CVE-2026-8161

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...

CVE-2026-7737 osrg GoBGP BMP Parser bmp.go BMPStatisticsReport.ParseBody out-of-bounds

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated...

CVE-2026-7736

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this...

CVE-2026-35486 text-generation-webui has a SSRF in superbooga/superboogav2 extensions — no URL validation

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get with zero validation — no scheme check, no IP filtering, no hostname allowlist. An attacker can access clo...

CVE-2026-35485 text-generation-webui has a Path Traversal in load_grammar() — arbitrary file read without authentication

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadgrammar allows reading any file on the server filesystem with no extension restriction. Gradio does not server-side validate dropdown value...

EUVD-2026-19667

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in loadpreset allows reading any .yaml file on the server filesystem. The parsed YAML key-value pairs including passwords, API keys, connection...

CVE-2026-32448

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through = 4.3.3...

Power AnyBurn 缓冲区错误漏洞

Power AnyBurn is a disc burning and image file processing tool developed by Power company. Version 4.3 of Power AnyBurn contains a buffer overflow vulnerability; this vulnerability stems from a buffer overflow in the Image file name field, which may lead to a denial-of-service attack...

SUSE-SU-2026:1035-1 Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes

Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes: This is a codestream only update...

CVE-2026-25771 Wazuh Vulnerable to Denial of Service via Synchronous I/O Blocking in Asynchronous Authentication Middleware

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service DoS vulnerability exists in the Wazuh API authentication middleware middlewares.py. The application uses an asynchronous event...

CVE-2026-3179 A path traversal vulnerability was found in the FTP Backup on the ADM.

The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files outside the intended backup directory. A path...

CVE-2026-24815

Unrestricted Upload of File with Dangerous Type, Deserialization of Untrusted Data vulnerability in datavane tis tis-plugin/src/main/java/com/qlangtech/tis/extension/impl modules. This vulnerability is associated with program files XmlFile.Java. This issue affects tis: before v4.3.0...

CVE-2026-24356

Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through = 4.3.0...

CVE-2021-41573

Hitachi Content Platform Anywhere HCP-AW 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and...

CVE-2025-13052 An improper certificates validation vulnerability was found in the Notification settings of ADM

When the user set the Notification's sender to send emails to the SMTP server via msmtp, an improper validated TLS/SSL certificates allows an attacker who can intercept network traffic between the SMTP client and server to execute a man-in-the-middle MITM attack, which may obtain the sensitive...

WordPress Order Delivery Date for WooCommerce plugin <= 4.3.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Order Delivery Date for WooCommerce versions = 4.3.1...

JLSEC-2025-263 A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3....

A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other...

SUSE多款产品 安全漏洞

SUSE Manager and SUSE Manager Server are both products of SUSE Germany.SUSE Manager is a Linux server management system. The system provides automated software management, system configuration, and monitoring.SUSE Manager Server is an infrastructure management solution designed to simplify and...

CVE-2025-56007

CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit...