1878 matches found
MAL-2026-5235 Malicious code in awaitly-analyze (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b77cddba130960f19c0c0b71b952811cc8dabd41e848d5305497cd16757ba2e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2026-47086
Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description A low-privilege MCP token holder with knowledge of an attachment path can read any file in shared storage, including attachments from other bases and workspaces. This occurs because the MCP...
Ansible 参数注入漏洞
Ansible is an easy-to-use IT automation system developed under the open source license of Ansible. Ansible has a parameter injection vulnerability, which stems from improper use of the parameter separator in the ansible-galaxy role install command, allowing arbitrary code to execute...
CVE-2026-5066
A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem subsys/net/lib/sockets/socketstls.c. When the TLS session cache is enabled, tlssessionstore and tlssessionrestore memcpy the caller-supplied address into a fixed-size buffer using the...
CVE-2026-49187
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
CVE-2026-49187 Hard-coded APK Resource Credentials & Scepters
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
CVE-2026-49187 Hard-coded APK Resource Credentials & Scepters
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
EUVD-2026-34204
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
CVE-2026-49187
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
CVE-2026-49187
CVE-2026-49187 concerns hard-coded APK resource files that never expire and a shared scepter that can lead to information leaks and potential misuse. According to the entry, exploitation is network-based with low attack complexity and no privileges required, causing high confidentiality impact (t...
Acer M6E 安全漏洞
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the hardcoded nature of the APK resource files, which are never expired and share credentials, potentially leading to informati...
PT-2026-46144
The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse...
CVE-2026-6873
CVE-2026-6873 affects Django 6.0 before 6.0.6 and 5.2 before 5.2.15. The issue is a non-injective salt derivation in django.http.HttpRequest.get_signed_cookie that concatenates the cookie name and salt argument, enabling a remote attacker to use a signed cookie in a context different from where i...
Oracle Linux 8 : gnutls (ELSA-2026-20611)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20611 advisory. - Fix CVE-2026-33846 DTLS fragment reassembly, High, heap overwrite - Fix CVE-2026-42009 DTLS fragment reassembly, High, undefined behaviour - Fix...
BIT-KIBANA-2026-33463 Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access
Operation on a Resource after Expiration or Termination CWE-672 in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a time-bounded access token to remain usable beyond its intended validity window, enabling an unauthenticate...
UTT HiPER 1200GW 安全漏洞
UTT HiPER 1200GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1200GW prior to 2.5.3-170306 contained security vulnerabilities. These vulnerabilities were caused by incorrect parameter handling in the strcpy function within the file/goform/formFireWall, which...
UTT HiPER 1200GW 安全漏洞
UTT HiPER 1200GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1200GW prior to 2.5.3-170306 contained security vulnerabilities. These vulnerabilities were caused by incorrect operations with the strcpy function in the file/goform/formTaskEdit, which could lead t...
CVE-2026-37224
Summary: FlexRIC v2.0.0 crashes when it receives two identical E2_SETUP_REQUEST messages from the same or spoofed E2 Nodes. The iApp registry enforces node ID uniqueness via an assert(), not a graceful rejection, leading to a remote unauthenticated crash of the iApp process (port 36421) and a SIG...
EUVD-2026-33265
The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pppaypalipnhandler correctly validates IPN authenticity by posting back to PayPal with...
WWBN AVideo 操作系统命令注入漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained an operating system command injection vulnerability. This vulnerability stemmed from the execAsync command in the YPTSocket notification branch, which constructed...