682 matches found
MyBB Recent threads 跨站脚本漏洞
MyBB Recent threads is a plugin provided by MyBB Corporation that displays the latest topic lists on forums. Version 17.0 of MyBB Recent threads contains a cross-site scripting vulnerability. This vulnerability stems from persistent cross-site scripting, allowing attackers to inject malicious...
CVE-2026-35343
The cut utility in uutils coreutils incorrectly handles the -s only-delimited option when a newline character is specified as the delimiter. The implementation fails to verify the onlydelimited flag in the cutfieldsnewlinechardelim function, causing the utility to print non-delimited lines that...
CVE-2026-35343 uutils coreutils cut Inconsistent Output Suppression with Newline Delimiters
The cut utility in uutils coreutils incorrectly handles the -s only-delimited option when a newline character is specified as the delimiter. The implementation fails to verify the onlydelimited flag in the cutfieldsnewlinechardelim function, causing the utility to print non-delimited lines that...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013579)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013579 advisory. In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: setup GPIO controller later in probe The GPIO controller component of the...
Defense in Depth, Medieval Style
This article on the walls of Constantinople is fascinating. The system comprised four defensive lines arranged in formidable layers: The brick-lined ditch, divided by bulkheads and often flooded, 15-20 meters wide and up to 7 meters deep. A low breastwork, about 2 meters high, enabling defenders...
Malicious Package
Overview tailwind-lines-clamp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in tailwind-lines-clamp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d3d215fb943fe734ea49a73d1d0f503c465c829b5f5b5327ca3d83eaa0e377a The package tailwind-lines-clamp was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2655 Malicious code in tailwind-lines-clamp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d3d215fb943fe734ea49a73d1d0f503c465c829b5f5b5327ca3d83eaa0e377a The package tailwind-lines-clamp was found to contain malicious code. Source: ghsa-malware...
CVE-2026-39414
CVE-2026-39414 affects MinIO’s S3 Select CSV parsing. The CSV reader’s nextSplit() calls ReadBytes('\n') without a size limit, causing unbounded buffering and memory exhaustion (OOM) when processing long lines; a file with no newline can trigger a single large allocation. This can be exploited by...
PT-2026-31016
Name of the Vulnerable Software and Affected Versions OpenTelemetry-Go versions 1.36.0 through 1.40.0 Description The OpenTelemetry-Go implementation is susceptible to a remote request amplification issue due to the way it handles multi-value baggage headers. Specifically, the extractMultiBaggage...
SEPPmail Secure Email Gateway 安全漏洞
SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.3 contained security vulnerabilities. These vulnerabilities stemmed from a flaw that allowed attackers to hide security labels for...
PT-2026-28496
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.17 Description OpenClaw creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. An attacker with local access can read these transcript...
CVE-2026-33268
Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6...
GHSA-V3RJ-XJV7-4JMQ smol-toml: Denial of Service via TOML documents containing thousands of consecutive commented lines
Summary An attacker can send a maliciously crafted TOML to cause the parser to crash, because of a stack overflow caused by thousands of consecutive commented lines. The library uses recursion internally while parsing to skip over commented lines, which can be exploited to crash an application th...
smol-toml: Denial of Service via TOML documents containing thousands of consecutive commented lines
Summary An attacker can send a maliciously crafted TOML to cause the parser to crash, because of a stack overflow caused by thousands of consecutive commented lines. The library uses recursion internally while parsing to skip over commented lines, which can be exploited to crash an application th...
CVE-2026-33268
Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6...
CVE-2026-33268
Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6...
CVE-2026-33268 Nanoleaf Lines unauthenticated firmware file store
Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6...
CVE-2026-33268 Nanoleaf Lines unauthenticated firmware file store
Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6...
CVE-2026-33268
Nanoleaf Lines (firmware 12.3.2) is affected by CVE-2026-33268 due to unauthenticated firmware uploads, allowing a remote attacker to upload firmware and consume storage resources. The issue is network-accessible with no required privileges and could impact availability and, to a lesser extent, i...