534 matches found
CVE-2026-30616
Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, causing attacker-controlled commands to be executed on the server. Successful exploitation result...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the DownloadFile and DownloadFileWithHeaders functions. An attacker can cause the server to make arbitrary HTTP requests to internal network resources by supplying crafted URLs during the migration...
CVE-2026-26102
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...
CVE-2026-26095
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...
CVE-2026-26101
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...
CVE-2026-26102 Incorrect Permission Assignment for Critical Resource in Owl opds
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...
CVE-2026-26100
CVE-2026-26100 concerns Owl opds, version 2.2.0.4, where incorrect permission assignment of a critical resource enables file manipulation via a crafted network request. The CVE entry documents a MEDIUM-severity issue with CVSS 4.0, scoped as local access, low attack complexity, and no user intera...
CVE-2026-26098
The CVE-2026-26098 entry concerns Owl opds version 2.2.0.4 and is caused by an Uncontrolled Search Path Element. The issue permits manipulation of configuration file search paths via a crafted network request, indicating local attack vector with high impact on confidentiality and integrity, and h...
CVE-2026-26096 Incorrect Permission Assignment for Critical Resource in Owl opds
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...
CVE-2026-26095
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...
CVE-2026-2333 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds
Improper Neutralization of Special Elements used in a Command 'Command Injection' in Owl opds 2.2.0.4 allows Command Injection via a crafted network request...
CVE-2026-2333
The CVE is for Owl opds 2.2.0.4, where the vulnerability arises from Improper Neutralization of Special Elements used in a Command (Command Injection). The affected component is Owl opds 2.2.0.4, and the issue is exploitable via a crafted network request. Metrics indicate a CRITICAL base score of...
CVE-2026-2333 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds
Improper Neutralization of Special Elements used in a Command 'Command Injection' in Owl opds 2.2.0.4 allows Command Injection via a crafted network request...
Owl Cyber Defense OPDS 命令注入漏洞
Owl Cyber Defense OPDS is a network isolation device developed by Owl Cyber Defense Corporation. Version 2.2.0.4 of Owl Cyber Defense OPDS contains a command injection vulnerability, which stems from improper neutralization of special elements. This vulnerability may allow command injection attac...
PT-2026-21267
Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...
SAP BusinessObjects BI Platform 安全漏洞
SAP BusinessObjects BI Platform is a centralized suite provided by German company SAP for data reporting, visualization, and sharing. There is a security vulnerability in the SAP BusinessObjects BI Platform, which can exploit a specially crafted network request to compromise authentication...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the HttpUriPlugin component when HTTP redirects are followed without re-validating the allowed URIs. An attacker can cause unauthorized network requests to internal services and inclusion of untruste...
USN-7985-1: TeX Live vulnerabilities
Shin Ando discovered that the Xpdf toolkit embedded in TeX Live incorrectly handled memory when decoding certain data streams. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 20.04 L...
USN-7985-1 texlive-bin vulnerabilities
Shin Ando discovered that the Xpdf toolkit embedded in TeX Live incorrectly handled memory when decoding certain data streams. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 20.04 L...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Thread Pooling component. An attacker can cause the application to hang or crash repeatedly by sending specially crafted requests over the network with high privileges...