CVE-2026-47381
CVE-2026-47381 affects NocoDB prior to 2026.05.1, where a user in one workspace could abuse the testConnection endpoint to access another workspace’s integration due to the integration being fetched in a bypass scope and permission checks being evaluated against any base in any workspace. The iss...
ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.telosforge:kimaira-starter-dms (>=1.2.4 <=1.2.6) +5089 more potentially affected by CVE-2026-22741 via org.springframework:spring-webmvc (>=6.2.0 <=6.2.17)
org.springframework:spring-webmvc MAVEN version =6.2.0, =0.5.0, =1.2.4, =1.2.4, =1.17.0, =0.3.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.8.1 and more Source cves: CVE-2026-22741 Source advisory: OSV:GHSA-WG35-8JPF-2XV3...
ai.platon.pulsar:pulsar-agentic (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-boot (>=4.5.0 <=4.6.0) +4976 more potentially affected by CVE-2026-40971 via org.springframework.boot:spring-boot-autoconfigure (>=4.0.0-M1 <=4.0.5)
org.springframework.boot:spring-boot-autoconfigure MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-beta-2 and more Source cves: CVE-2026-40971 Source advisory:...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the plugin installation process on CI test instances with default admin credentials. An attacker can execute arbitrary code and access sensitive configuration data by uploading a malicious plugin after changin...
CVE-2026-2462
Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, and 10.11.x
org.apache.livy:livy-assembly (>=0.4.0-incubating <=0.8.0-incubating), org.apache.livy:livy-coverage-report (>=0.4.0-incubating <=0.8.0-incubating) +3 more potentially affected by CVE-2025-66249 via org.apache.livy:livy-server (>=0.4.0-incubating <=0.8.0-incubating)
org.apache.livy:livy-server MAVEN version =0.4.0-incubating, =0.4.0-incubating, =0.4.0-incubating, =0.4.0-incubating, =0.6.0-incubating, =2.0.0, =2.8.2 Source cves: CVE-2025-66249 Source advisory: OSV:GHSA-H84F-4FF9-8HC3...
org.apache.livy:livy-assembly (>=0.7.0-incubating <=0.8.0-incubating), org.apache.livy:livy-coverage-report (>=0.7.0-incubating <=0.8.0-incubating) +3 more potentially affected by CVE-2025-60012 via org.apache.livy:livy-server (>=0.7.0-incubating <=0.8.0-incubating)
org.apache.livy:livy-server MAVEN version =0.7.0-incubating, =0.7.0-incubating, =0.7.0-incubating, =0.7.0-incubating, =0.7.0-incubating, =2.0.0, =2.8.2 Source cves: CVE-2025-60012 Source advisory: SNYK:JAVA-ORGAPACHELIVY-15674462...
org.apache.livy:livy-assembly (>=0.4.0-incubating <=0.8.0-incubating), org.apache.livy:livy-coverage-report (>=0.4.0-incubating <=0.8.0-incubating) +3 more potentially affected by CVE-2025-66249 via org.apache.livy:livy-server (>=0.4.0-incubating <=0.8.0-incubating)
org.apache.livy:livy-server MAVEN version =0.4.0-incubating, =0.4.0-incubating, =0.4.0-incubating, =0.4.0-incubating, =0.6.0-incubating, =2.0.0, =2.8.2 Source cves: CVE-2025-66249 Source advisory: SNYK:JAVA-ORGAPACHELIVY-15520260...
org.apache.iotdb:integration-test (>=1.3.3 <=2.0.1-beta), org.apache.iotdb:iotdb-distribution (>=1.3.3 <=2.0.1-beta) potentially affected by CVE-2025-48459 via org.apache.iotdb:iotdb-confignode (>=1.3.3 <=2.0.1-beta)
org.apache.iotdb:iotdb-confignode MAVEN version =1.3.3, =1.3.3, =1.3.3, =2.0.1-beta Source cves: CVE-2025-48459 Source advisory: OSV:GHSA-776Q-JW43-FHJX...
org.apache.iotdb:integration-test (>=1.3.3 <=2.0.1-beta), org.apache.iotdb:iotdb-distribution (>=1.3.3 <=2.0.1-beta) potentially affected by CVE-2025-48459 via org.apache.iotdb:iotdb-confignode (>=1.3.3 <=2.0.1-beta)
org.apache.iotdb:iotdb-confignode MAVEN version =1.3.3, =1.3.3, =1.3.3, =2.0.1-beta Source cves: CVE-2025-48459 Source advisory: SNYK:JAVA-ORGAPACHEIOTDB-13053298...
Malicious code in petstore-integration-test (npm)
The package petstore-integration-test was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 96991c4e15df35927756d154bf8d985ad4d42eb85514c35adb2a0cc2bdc7218e This package installs a dependency hosted on a custom domain th...
MAL-2025-42055 Malicious code in petstore-integration-test (npm)
The package petstore-integration-test was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 96991c4e15df35927756d154bf8d985ad4d42eb85514c35adb2a0cc2bdc7218e This package installs a dependency hosted on a custom domain th...
Malicious code in launchpad-integration-test (npm)
The package launchpad-integration-test was found to contain malicious code...
MAL-2025-24970 Malicious code in launchpad-integration-test (npm)
The package launchpad-integration-test was found to contain malicious code...
org.apache.iotdb:client-example (>=2.0.1-beta <=2.0.2-1), org.apache.iotdb:customize-mqtt-example (=2.0.1-beta) +8 more potentially affected by CVE-2025-26864 via org.apache.iotdb:node-commons (>=2.0.1-beta <=2.0.2-1)
org.apache.iotdb:node-commons MAVEN version =2.0.1-beta, =2.0.1-beta, =2.0.1-beta, =2.0.2-1 - org.apache.iotdb:iotdb-distribution =2.0.1-beta - org.apache.iotdb:iotdb-server =2.0.1-beta - org.apache.iotdb:pipe-count-point-processor-example =2.0.1-beta - org.apache.iotdb:trigger-example =2.0.1-bet...
MAL-2024-8867 Malicious code in node-integration-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 23d6de79c4bf861e69bfe8d180b460e32004ab2e37565da361ba8874d29c6a71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in node-integration-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 23d6de79c4bf861e69bfe8d180b460e32004ab2e37565da361ba8874d29c6a71 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE-SU-2024:3151-1 Security update for buildah
This update for buildah fixes the following issues: Update to version 1.35.4: Bump to Buildah v1.35.4 CVE-2024-3727 updates bsc1224117 integration test: handle new labels in 'bud and test --unsetlabel' Bump go-jose CVE-2024-28180 Bump ocicrypt and go-jose CVE-2024-28180 Update to version 1.35.3:...
Malicious code in apollo-federation-integration-testsuite (npm)
--- -= Per source details. Do not edit below this line.=-...
SUSE CVE-2023-52773
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer When ddc_service_construct is called, it explicitly checks both the link type and whether there is something on the link which will dictate whether the pin is marke...