Important: amazon-efs-utils
Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...
CVE-2026-31281
Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all the users in the application, which results in the code being executed and may lead to session hijacking and execution of commands in the victim's browser. NOTE: The...
PT-2026-35846
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 147.0.7727.138. Description: An inappropriate implementation in Tint allows a remote attacker to perform out of bounds memory access, which occurs when a program reads or writes data outside the boundaries of the...
PT-2026-32579
Name of the Vulnerable Software and Affected Versions: Prometheus versions 3.0 through 3.5.1; Prometheus versions 3.6.0 through 3.11.1. Description: Stored cross-site scripting exists in multiple components of the Prometheus web UI, specifically within the Mantine UI and the old React UI. The issue...
Pachno 1.0.6 Cross Site Request Forgery
Pachno version 1.0.6 suffers from a cross site request forgery vulnerability. Pachno 1.0.6 Cross-Site Request Forgery. Vendor: Daniel André Eikeland. Product web page: https://github.com/pachno/pachno. Affected version: 1.0.6. Summary: Pachno is an open-source collaboration platform formerly known as...
PT-2026-32428
Helm is a package manager for Charts for Kubernetes. In Helm versions =3.20.1 and =4.1.3, a specially crafted Chart will cause helm pull --untar chart URL | repo/chartname to write the Chart's contents to the immediate output directory as defaulted to the current working directory; or as given by...
SUSE CVE-2026-35205
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance .prov file when signature verification is required. This vulnerability is fixed in 4.1.4...
MINI-275X-Q75G-9V8F
Bulletin has no description...
MINI-J3J2-7F3V-HX53
Bulletin has no description...
Pachno 1.0.6 Cross-Site Request Forgery
Summary: Pachno is an open-source collaboration platform, formerly known as The Bug Genie, designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...
MINI-MRJG-WRPF-H57R
Bulletin has no description...
MINI-3X24-XMMV-2W5V
Bulletin has no description...
MINI-8XC4-C66F-3GMQ
Bulletin has no description...
MINI-74V2-MQC3-8RFX
Bulletin has no description...
MINI-Q889-Q9H6-RWJ5
Bulletin has no description...
MINI-453M-W45Q-X66X
Bulletin has no description...
OESA-2026-1845 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtio_snd_pcm_in_cb function did not check whether the iov could fit the data buffer,...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: cilium-envoy, external-dns, kubernetes-csi-external-snapshotter, vault-k8s, calico, incert, redpanda, flux-image-automation-controller, stern, seaweedfs, nri-elasticsearch, aws-signer-notation-plugin, oras, timoni, metacontroller, hubble-ui, nerdctl, crane,...
CVE-2026-34020
Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses the HTTP GET method with the username and password passed as query parameters. Please check references regarding possible impact. This issue affects Apache OpenMeetings: from 3.1.3...
CVE-2026-34723
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote attackers were able to access the getting started endpoint to get access to sensitive internal entity data, even after the system setup was completed. This vulnerability is fixed i...