CVE-2026-28794

The CVE concerns oRPC and its @orpc/client package. Prior to v1.13.6, the RPC JSON deserializer in StandardRPCJsonSerializer can perform prototype pollution by injecting properties into Object.prototype via attacker-controlled paths in the data (notably through the maps and meta vectors). This vu...

Redoc 安全漏洞

Redoc is an open source tool from Redocly Open Source. It is used to generate documentation from OpenAPI definitions. A security vulnerability exists in Redoc version v2.0.9-rc.69. An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service denial of servic...

The vulnerability of the OpenAPI audit tool for detecting and tracking network activities, Nozomi Guardian, and the Nozomi Central Management Console (CMC), a centralized security management tool, allows attackers to gain access to protected information.

The vulnerability of the OpenAPI-based detection and monitoring tool for network activities, Nozomi Guardian, as well as the Nozomi Central Management Console CMC, relates to insufficient protection of registration data. Exploiting this vulnerability could allow a malicious actor to gain access t...