CVE-2025-15573 Missing Certificate Validation for Solax Power Pocket WiFi models MQTT Cloud Connection
The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to...
DRAMatic Speedup: Accelerating HE Operations on a Processing-In-Memory System
Homomorphic encryption (HE) is a promising technology for confidential cloud computing, as it allows computations on encrypted data. However, HE is computationally expensive and often memory-bound on conventional computer architectures. Processing-in-Memory (PIM) is an alternative hardware architectu...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xrdp (SUSE-SU-2026:0433-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0433-1 advisory. - CVE-2025-68670: Fix a potential overflow when processing user domain information. bsc1257362 Tenable ha...
PT-2026-7913
Name of the Vulnerable Software and Affected Versions: emp3r0r versions prior to 3.21.1. Description: emp3r0r is a command and control (C2) tool designed for Linux environments. Versions prior to 3.21.1 accept untrusted agent metadata, specifically Transport and Hostname, during the check-in process...
PT-2026-7924
RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content, potentially enabling...
galaxy-fds-sdk-android security vulnerability
Galaxy-FDS-SDK-Android is an open-source developer toolkit developed by Xiaomi for storing file data on Xiaomi devices. Versions of Galaxy-FDS-SDK-Android 3.0.8 and earlier contain security vulnerabilities. These vulnerabilities stem from the disabling of TLS hostname verification when HTTPS is...
PT-2026-7834
Name of the Vulnerable Software and Affected Versions: SolaX devices (affected versions not specified). Description: Devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a...
SolaX Power Pocket security vulnerability
SolaX Power Pocket is a monitoring data collection tool developed by SolaX Energy in China. There is a security vulnerability in SolaX Power Pocket, which stems from the lack of server certificate verification when connecting to the SolaX Cloud MQTTS server. This vulnerability could allow a...
Prototype Pollution
Overview: set-in is a set value of nested associative structure given array of keys. Affected versions of this package are vulnerable to Prototype Pollution via the set-in function. An attacker can modify the prototype of built-in objects by supplying crafted input that leverages Array.prototype,...
CVE-2026-26021
set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...
CVE-2026-26021 Prototype pollution in set-in
set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...
CVE-2026-26021
CVE-2026-26021 affects the npm package set-in (versions >=2.0.1,
CVE-2026-25062
Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments.key from the imported JSON is passed directly to path.join(rootPath, node.key) and then read using fs.readFile without validation. By embedding path traversal...
CVE-2026-25633
Statamic is a Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take...
CVE-2026-26012 vaultwarden has Full Cipher Enumeration Ignoring Organization Collection Permissions
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization, regardless of collection permissions. The endpoint /ciphers/organization-details is accessible t...
CVE-2026-25990
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1...
CVE-2026-25935 Vikunja Affected by XSS Via Task Preview
Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS o...