GHSA-V4C4-Q9W7-M653 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-P337-8MM9-6P6X vulnerabilities
Vulnerabilities for packages: chromium...
Security Bulletin: IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449
Summary: IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2026-3449. DESCRIPTION: Versions of the package @tootallnate/once before 3.0.1 are vulnerab...
CVE-2026-35371 vulnerabilities
Vulnerabilities for packages: uutils...
GHSA-5699-PPR6-8H44 vulnerabilities
Vulnerabilities for packages: grafana...
Linux Distros Unpatched Vulnerability : CVE-2026-9984
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium...
EUVD-2026-33053
typescript-utcp is a TypeScript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTT...
GHSA-5WFC-HJRC-GQ87 vulnerabilities
Vulnerabilities for packages: jitsucom-bulker...
GHSA-RQ48-56F4-2WW7 vulnerabilities
Vulnerabilities for packages: chromium...
SUSE SLED15 / SLES15 Security Update : libsndfile (SUSE-SU-2026:1968-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1968-1 advisory. This update for libsndfile fixes the following issues - CVE-2025-52194: buffer overflow in the ircamreadheader...
Server-side Request Forgery (SSRF)
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the isSSRFSafeURL process. An attacker can access internal network resources or sensitive information by exploiting DNS rebindi...
CVE-2026-44294 vulnerabilities
Vulnerabilities for packages: cadence-web, kubeflow-centraldashboard, homepage, pulumi, librechat, renovate, opentelemetry-auto-instrumentations-node, vitess, gemini-cli, kibana...
CVE-2026-44578 vulnerabilities
Vulnerabilities for packages: keep...
GHSA-V87V-83H2-53W7 vulnerabilities
Vulnerabilities for packages: datahub-ingestion-fips, kubeflow-pipelines-visualization-server...
GHSA-4C54-JJ6J-3J34 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-qemu, linux-azure, linux-gcp, linux-aws...
CVE-2025-63706
NPM package next-npm-version1.0.1 is vulnerable to Command injection...
GHSA-2XX6-QF7X-GRQH next-npm-version is vulnerable to Command injection
NPM package next-npm-version1.0.1 is vulnerable to Command injection...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the downloadFrom and webhook processes. An attacker can access internal network resources and potentially exfiltrate sensitive information or interact with internal-only services by supplying special...
CVE-2025-63706
The CVE-2025-63706 entry concerns the NPM package next-npm-version1.0.1, reported as vulnerable to command injection. Multiple connected records corroborate the issue across NVD/CVE and related feeds. The vulnerability is described as critical with a CVSS 3.1 base score of 9.8 (vectors: AV:N/AC...