674 matches found
PT-2026-45215
Name of the Vulnerable Software and Affected Versions: Assimp versions prior to 6.0.5
Description: A null pointer dereference occurs in the glTFImporter component within the Assimp::glTFImporter::ImportMeshes function of the glTFImporter.cpp file. This issue allows for local execution attacks...
GL.iNET SSID Key Disclosure
An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key.
id: CVE-2023-31478
info:
  name: GL.iNET SSID Key Disclosure
  author: DhiyaneshDK
  severity: high
  description: |
    An issue was discovered on GL.iNet...
GHSA-Q8MJ-M7CP-5Q26 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines, prism, code-server, argo-workflows, sqlpad, kubeflow-centraldashboard, json-server, saf, renovate, opensearch-dashboards, tileserver-gl, thingsboard, langfuse...
CVE-2026-8723 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines, prism, code-server, argo-workflows, sqlpad, kubeflow-centraldashboard, json-server, saf, renovate, opensearch-dashboards, tileserver-gl, thingsboard, langfuse...
CVE-2026-8723 vulnerabilities
Vulnerabilities for packages: kibana, saf, kubeflow-pipelines, tileserver-gl-fips, opensearch-dashboards, tileserver-gl, redisinsight, thingsboard, prism, argo-workflows, sqlpad, thingsboard-fips, unleash, kubeflow-centraldashboard, json-server, opensearch-dashboards-fips, pelias-api, code-server...
GHSA-Q8MJ-M7CP-5Q26 vulnerabilities
Vulnerabilities for packages: kibana, saf, kubeflow-pipelines, tileserver-gl-fips, opensearch-dashboards, tileserver-gl, redisinsight, thingsboard, prism, argo-workflows, sqlpad, thingsboard-fips, unleash, kubeflow-centraldashboard, json-server, opensearch-dashboards-fips, pelias-api, code-server...
Malicious code in @antv/gl-matrix (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4019 Malicious code in @antv/gl-matrix (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
1g6table (=0.1.0), @actonate/mirkwood-rx (=0.10.9) +1552 more potentially affected by unknown CVE via @antv/gl-matrix (=2.7.1)
@antv/gl-matrix NPM version =2.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/gl-matrix and may be impacted:
- 1g6table =0.1.0
- @actonate/mirkwood-rx =0.10.9
- @aegis.inc/flow =0.0.1-beta, =0.1.0, =0.5.0-alpha.0, =0.1.0, =0.5.0-alpha.0,...
EUVD-2023-50669
Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...
CVE-2023-46453
Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...
GHSA-J452-XHG8-QG39 vulnerabilities
Vulnerabilities for packages: tileserver-gl-fips, wazuh-dashboard-fips, opensearch-dashboards-fips, wazuh-dashboard, opensearch-dashboards, tileserver-gl...
CVE-2026-5758 vulnerabilities
Vulnerabilities for packages: tileserver-gl-fips, wazuh-dashboard-fips, opensearch-dashboards-fips, wazuh-dashboard, opensearch-dashboards, tileserver-gl...
GHSA-J452-XHG8-QG39 vulnerabilities
Vulnerabilities for packages: tileserver-gl, opensearch-dashboards...
CVE-2026-5758 vulnerabilities
Vulnerabilities for packages: tileserver-gl, opensearch-dashboards...
CVE-2026-22166 GPU DDK - Write UAF in KEGLGetPoolBuffers, WebGL reachable
A web page that contains unusual WebGPU content, when loaded into the GPU GLES render process, can trigger a write UAF crash in the GPU GLES user-space shared library. On certain platforms, when the process executing the graphics workload has system privileges, this could enable subsequent exploit on the...
JLSEC-2026-365
A potential memory leak issue was discovered in SDL2 in the GLESCreateTexture function in SDLrendergles.c. The vulnerability allows an attacker to cause a denial of service. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x versions are not affected...