12237 matches found
EUVD-2026-40025
A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File...
CVE-2026-13528
CVE-2026-13528 affects YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The vulnerable element is the function generateUploadPath in FileServiceImpl.java under the AppFileController File Upload Endpoint. A manipulation can cause path traversal, enabling remote exploitation. The exp...
EUVD-2026-40007
A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipulation results in use of weak hash. The attack is possible...
CVE-2026-13510
A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipulation results in use of weak hash. The attack is possible...
CVE-2026-13510 SimStudioAI sim Password Protection deployment.ts weak hash
A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipulation results in use of weak hash. The attack is possible...
CVE-2026-13510
CVE-2026-13510 affects SimStudioAI sim up to 0.6.92. The vulnerability lies in the Password Protection Handler, specifically the file: apps/sim/lib/core/security/deployment.ts, where a manipulation leads to use of a weak hash. This can be exploited remotely with high attack complexity, and the ex...
CVE-2026-13482
A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by hig...
CVE-2026-13482
CVE-2026-13482 affects skypilot-org/skypilot
EUVD-2026-39982
A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by hig...
CVE-2026-13482 skypilot-org skypilot User ID server.py username.encode weak hash
A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by hig...
PT-2026-53166
Name of the Vulnerable Software and Affected Versions SimStudioAI sim versions prior to 0.6.93 Description An issue exists in the Password Protection Handler component within the apps/sim/lib/core/security/deployment.ts library. A remote attacker can perform a manipulation that results in the use...
Linux Distros Unpatched Vulnerability : CVE-2026-52973
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - futex: Drop CLONETHREAD requirement for private default hash alloc Currently needfutexhashallocatedefault depends on strict pthread semantics, abusing...
Linux Distros Unpatched Vulnerability : CVE-2026-53038
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - imafs: Correctly create securityfs files for unsupported hash algos imatpmchip-allocatedbanksi.cryptoid is initialized to HASHALGOLAST if the TPM algorithm is n...
Linux Distros Unpatched Vulnerability : CVE-2026-53265
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm cache policy smq: check allocation under invalidate lock commit 2d1f7b65f5de dm cache policy smq: fix missing locks in invalidating cache blocks added mq-loc...
Linux Distros Unpatched Vulnerability : CVE-2026-53221
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ip6vti: fix incorrect tunnel matching in vti6tnllookup In vti6tnllookup, when an exact match for a tunnel fails, the code falls back to searching for wildcard...
netfilter: ipset: stop hash:* range iteration at end
...
CVE-2026-9242
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN callback handler...
EUVD-2026-39490
pnpm: Git Fetch Argument Injection via Lockfile resolution.commit...
pnpm: Tarball hash of GitHub git dependencies is not stored in lockfile
Summary A malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. Details The lockfile does not store the hash of the dependencies from https://codeload.github.com This means that if this server was compromised or a person's...
CVE-2026-39031
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a...