3765 matches found
CVE-2026-44830
Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...
CVE-2026-4795
A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00ACPS.2C0, GS1200-8v3 firmware versions through 1.00ACPT.2C0, GS1200-5HPv3 firmware versions through 1.00ACPU.2C0, GS1200-8HPv3 firmware versions through 1.00ACPV.2C0, and GS1200-10v3 firmware versions through...
EUVD-2026-31779
A missing authorization vulnerability in Zyxel GS1200-5v3 firmware versions through 1.00ACPS.2C0, GS1200-8v3 firmware versions through 1.00ACPT.2C0, GS1200-5HPv3 firmware versions through 1.00ACPU.2C0, GS1200-8HPv3 firmware versions through 1.00ACPV.2C0, and GS1200-10v3 firmware versions through...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the net: dsa section, there is a fix for dereferencing a NULL pointer in dsaportresetvlanfiltering. The “ds” iterator variable used in dsaportresetvlanfiltering overwrites the “dp” parameter received as an argument, which is...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: bridge: Fixed a null pointer dereference in the vlan tunnel destination. This patch addresses a issue where a null pointer dereference occurred due to lockless access in the tunnel egress path. When deleting a vlan tunnel, t...
Astra Linux – Vulnerability in docker.io
Moby is an open-source container framework developed by Docker Inc. It is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby, is commonly referred to as Docker. Swarm Mode, which is...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ip6mr: Fixed skbunderpanic in ip6mrcachereport. skbuff: skbunderpanic: Text: fffffffff88771f69; Len: 56; Put: -4; Head: ffffff88c5f86a800; Data: fffff887f5f86a850; Tail: 0x88; End: 0x2c0; Device: pim6reg. ----------- Cut here...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol RDP. In versions prior to 2.7.0, NT LAN Manager NTLM authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP-based RDP Server implementations. RDP clients are not affected. The...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: idpf: fixed a memory leak in idpfvccoredeinit Make sure to free hw-lan regs. Reported by kmemleak during reset: Unreferenced object 0xff1b913d02a936c0 size 96: comm "kworker/u258:14", pid 2174, jiffies 4294958305 Hex dump first 3...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: brnetfilter: fix a kernel panic when sending untagged traffic via a VxLAN device. This issue occurs during the check for fragmentation in brnfdevqueuexmit. It depends on the following conditions: 1 The brnetfilter modu...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed the metadatadst leak in bpfredirectneigh for arguments bpfredirectneighv4,6 Cilium includes a BPF egress gateway feature that forces outgoing Kubernetes Pods’ traffic to pass through dedicated egress gateways. This...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: bcmasp – fixed the double-free of WoL irq. We no longer need to free wolirq, as it was instantiated using devmrequestirq. Therefore, devres will handle the freeing of resources on our behalf...
CVE-2026-9003
E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2026-9003 TONNET|E-LAN Hybrid Recording System - SQL Injection
E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
EUVD-2026-31046
E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2026-9003
E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2026-9003
CVE-2026-9003 concerns TONNET’s E-LAN Hybrid Recording System, which is reported to have an unauthenticated SQL Injection vulnerability that lets an attacker inject arbitrary SQL commands to read database contents. The connected documents do not specify affected product versions, exact vulnerable...
PT-2026-42101
E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)
Summary This is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack / rspack builder if the dev server is bound to a non-loopback address e.g. nuxt dev --host and the developer opens a malicious site on the same network. Details The fix for...
CVE-2026-42948
Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser...