Linux Distros Unpatched Vulnerability : CVE-2026-40682

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3...

GHSA-CX4M-2P55-RW7J Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...

Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The ExtensionLoader.instantiateExtensionClass, String method loads a class by its fully-qualified name via Class.forName and invokes its no-arg...

DEBIAN-CVE-2026-42440

OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 2.5.9 before 3.0.0-M3 Description: The AbstractModelReader methods getOutcomes, getOutcomePatterns, and getPredicates each read a 32-bit signed integer count field from a binary...

DEBIAN-CVE-2026-40682

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

CVE-2026-40682

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

CVE-2026-42027

The CVE-2026-42027 issue affects Apache OpenNLP ExtensionLoader: ExtensionLoader.instantiateExtension(Class, String) uses Class.forName() to load a class name from a model archive manifest and invokes its no-arg constructor. Although the isAssignableFrom check filters types after loading, Class.f...

Apache OpenNLP 安全漏洞

Apache OpenNLP is a natural language processing toolkit developed by the Apache Foundation. There is a security vulnerability in Apache OpenNLP, which stems from AbstractModelReader not verifying whether the counts in array assignments are non-negative or within a reasonable range. This could lea...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: - bus: mhi: core: Fixed an invalid error that was returned in mhiqueue. - mhiqueue returns an error when the doorbell is not accessible in the current state. This can occur when the device is in a non-M0 state, such as M3, and...

CVE-2026-5567

A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer overflow. The attack can be executed remotely. The...

CVE-2026-5567

A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer overflow. The attack can be executed remotely. The...

CVE-2026-5567 Tenda M3 Destination setAdvPolicyData buffer overflow

A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer overflow. The attack can be executed remotely. The...

CVE-2026-5567

CVE-2026-5567 applies to Tenda M3 firmware 1.0.0.10, specifically the Destination Handler function setAdvPolicyData. The vulnerability stems from a manipulation of the policyType argument that can cause a buffer overflow, enabling remote execution. Multiple sources in the connected documents conf...

CVE-2026-5567 Tenda M3 Destination setAdvPolicyData buffer overflow

A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform/setAdvPolicyData of the component Destination Handler. Executing a manipulation of the argument policyType can lead to buffer overflow. The attack can be executed remotely. The...

Tenda M3 安全漏洞

Tenda M3 is an access control device produced by the Chinese company Tenda. Version 1.0.0.10 of Tenda M3 contains a security vulnerability. This vulnerability stems from incorrect handling of the parameter “policyType” in files located at “goform/setAdvPolicyData”, which may lead to a buffer...

PT-2026-30384

Name of the Vulnerable Software and Affected Versions Tenda M3 version 1.0.0.10 Description A flaw exists in the Destination Handler component of Tenda M3 version 1.0.0.10. Manipulation of the policyType argument in the setAdvPolicyData function, accessible via the '/goform/setAdvPolicyData'...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to the AbstractFilterExpressionConverter's handling of operator characters, such as || and &&. This allows authenticated users to bypass metadata-based access controls by supplying arbitrary JSONPath queries to access...

CVE-2026-22613

The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton Network M3 which is available on the...

CVE-2026-22613

The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton Network M3 which is available on the...

CVE-2026-22613

The CVE-2026-22613 entry pertains to Eaton Network M3 firmware upgrades via command shell, where the server identity check during upgrade is insecure, enabling potential MITM. Affected component: firmware upgrade mechanism; root cause: insecure server identity verification in upgrade flow. Impact...