ch.sbb:spring-cloud-stream-binder-solace (>=8.0.0 <=9.0.2), cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3) +157 more potentially affected by CVE-2026-40990 via org.springframework.cloud:spring-cloud-function-context (>=5.0.0-M1 <=5.0.1)

org.springframework.cloud:spring-cloud-function-context MAVEN version =5.0.0-M1, =8.0.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =1.0.0, =1.0.0, =2.0.0-RC1, =8.0.4 and more S...

ch.admin.bit.jeap:jeap-spring-boot-config-starter (>=17.16.0 <=18.5.0), ch.sbb:spring-cloud-stream-binder-solace (>=4.0.0 <=7.4.5) +901 more potentially affected by CVE-2026-40989 via org.springframework.cloud:spring-cloud-function-context (>=4.0.0 <=4.3.2)

org.springframework.cloud:spring-cloud-function-context MAVEN version =4.0.0, =17.16.0, =4.0.0, =1.0.0, =1.0.1, =0.14.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0-RC2 and more Source cves: CVE-2026-40989 Source advisory:...

Crypt::PasswdMD5 安全特征问题漏洞

Crypt::PasswdMD5 is a Perl module developed by RSAVAGE’s individual developers, which implements MD5-based password hashing calculations. Versions of Crypt::PasswdMD5 prior to 1.42 contained security vulnerabilities due to the use of a predictable built-in rand function to generate insecure rando...

Electerm 命令注入漏洞

Electerm is a SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm prior to 3.3.8 contained a command injection vulnerability. This vulnerability stemmed from the runMac function, which directly appends the attacker-controlled releaseInfo.name to the exec...

pupnp 安全漏洞

Pupnp is an open-source application developed by the Portable SDK for UPnP Devices. It’s a portable SDK for UPnP devices. Versions of Pupnp prior to 1.18.5 contained security vulnerabilities. These vulnerabilities were caused by the atoi function used in parseuri, which led to port truncation and...

PT-2026-38971

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/amd/display component related to dsc eDP, which requires the implementation of a function hook check before use to ensure proper operation. Recommendations At...

PT-2026-38940

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the drm/amdgpu component where Virtual Functions VF do not enable the VCN poison interrupt request irq in VCNv2.5. Attempting to release this irq during deinitializati...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the pipapo Drop function in the netfilter nftsetpipapo component. During each iteration, the rulemapi+1...

CVE-2026-38361

Multiple unauthenticated denial-of-service DoS issues in fohrloop dash-uploader v0.1.0 through v0.7.0a2. The chunked-upload handler dashuploader/httprequesthandler.py, dashuploader/upload.py trusts unsanitized, attacker-controlled upload parameters e.g. flowTotalChunks and does not enforce the...

CVE-2024-45257

A Command Injection issue in the payload build page in BYOB Build Your Own Botnet 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...

PT-2026-39250

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The Network Exposure Function NEF in free5GC mounts the 'nnef-callback' route group without inbound OAuth2 or bearer-token authorization. This allows an attacker to reach the SMF-callback handler usi...

PT-2026-39009

Name of the Vulnerable Software and Affected Versions fohrloop dash-uploader versions 0.1.0 through 0.7.0a2 Description A remote attacker can execute arbitrary code through the Upload function and the max file size parameter within the dash uploader/httprequesthandler.py, dash uploader/upload.py,...

CVE-2024-46507

A SSTI server side template injection vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the gethfree function in the USB gadget subset not decrementing the reference count. As a result,...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the GDfieldinfo function. An attacker can cause a denial of service by triggering an out-of-bounds read by supplying a crafted HDF4-EOS grid file with an empty or single-character DimList value. Remediatio...

EUVD-2026-28427

The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL 0...

EUVD-2026-28435

A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The...

EUVD-2026-28425

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

CVE-2026-8113 8421bit MiniClaw executeSkillScript kernel.ts isPathInside path traversal

A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the component executeSkillScript. Executing a manipulation can lead to path traversal. It is possible to laun...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the SWfinfo function of the HDF-EOS Grid File Handler componet. An attacker can cause a denial of service by supplying a specially crafted HDF-EOS swath file with an empty or single-character DimList value...