2055 matches found

Wolfi
added 2 days ago, 4 views

GHSA-V4C4-Q9W7-M653 vulnerabilities

Vulnerabilities for packages: chromium...

5.4 AI score
Exploits 0

Wolfi
added 2 days ago, 3 views

GHSA-P337-8MM9-6P6X vulnerabilities

Vulnerabilities for packages: chromium...

5.4 AI score
Exploits 0

RedhatCVE
added 2 days ago, 3 views

CVE-2026-31843

The goodoneuz/pay-uz Laravel package = 2.2.24 contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment hook files. The endpoint is exposed via Route::any without authentication middleware, enabling remot...

10 CVSS | 6.4 AI score | 0.00465 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2 days ago, 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-11043

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds write in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially...

9.6 CVSS | 5.6 AI score | 0.00068 EPSS
Exploits 0 | References 2

IBM Security Bulletins
added 4 days ago, 10 views

Security Bulletin: IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449

Summary: IBM Maximo Application Suite uses once-2.0.0.tgz which is vulnerable to CVE-2026-3449. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2026-3449. DESCRIPTION: Versions of the package @tootallnate/once before 3.0.1 are vulnerab...

4.8 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits 0 | Affected Software 1

Wolfi
added 5 days ago, 8 views

CVE-2026-35371 vulnerabilities

Vulnerabilities for packages: uutils...

3.3 CVSS | 5.8 AI score | 0.00014 EPSS
Exploits 1

Chainguard
added 2026/05/30 1:18 a.m., 7 views

GHSA-5699-PPR6-8H44 vulnerabilities

Vulnerabilities for packages: grafana...

5.8 AI score
Exploits 0

Tenable Nessus
added 2026/05/29 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-9984

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium...

8.8 CVSS | 6.2 AI score | 0.00086 EPSS
Exploits 0 | References 2

EUVD
added 2026/05/28 8:38 p.m., 8 views

EUVD-2026-33053

typescript-utcp is a TypeScript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTT...

4.7 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits 0 | References 1

Wolfi
added 2026/05/21 7:48 p.m., 7 views

GHSA-5WFC-HJRC-GQ87 vulnerabilities

Vulnerabilities for packages: jitsucom-bulker...

5.8 AI score
Exploits 0

Chainguard
added 2026/05/21 7:18 p.m., 9 views

GHSA-5WFC-HJRC-GQ87 vulnerabilities

Vulnerabilities for packages: jitsucom-bulker...

5.8 AI score
Exploits 0

Wolfi
added 2026/05/20 7:55 a.m., 10 views

GHSA-RQ48-56F4-2WW7 vulnerabilities

Vulnerabilities for packages: chromium...

5.8 AI score
Exploits 0

Tenable Nessus
added 2026/05/19 12:0 a.m., 7 views

SUSE SLED15 / SLES15 Security Update : libsndfile (SUSE-SU-2026:1968-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1968-1 advisory. This update for libsndfile fixes the following issues - CVE-2025-52194: buffer overflow in the ircamreadheader...

7.5 CVSS | 6 AI score | 0.00321 EPSS
Exploits 2 | References 7

Snyk
added 2026/05/15 6:35 p.m., 6 views

Server-side Request Forgery (SSRF)

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the isSSRFSafeURL process. An attacker can access internal network resources or sensitive information by exploiting DNS rebindi...

8.3 CVSS | 5.8 AI score | 0.00038 EPSS
Exploits 0 | References 3

Chainguard
added 2026/05/13 1:18 p.m., 6 views

CVE-2026-44294 vulnerabilities

Vulnerabilities for packages: gemini-cli, pulumi, kibana, renovate, kubeflow-centraldashboard, librechat, vitess, homepage, opentelemetry-auto-instrumentations-node, cadence-web...

5.3 CVSS | 5.4 AI score | 0.00044 EPSS
Exploits 0

Chainguard
added 2026/05/13 1:17 a.m., 11 views

CVE-2026-44578 vulnerabilities

Vulnerabilities for packages: keep...

8.6 CVSS | 5.8 AI score | 0.0581 EPSS
Exploits 7

Chainguard
added 2026/05/13 1:17 a.m., 7 views

GHSA-V87V-83H2-53W7 vulnerabilities

Vulnerabilities for packages: datahub-ingestion-fips, kubeflow-pipelines-visualization-server...

5.4 AI score
Exploits 0

Chainguard
added 2026/05/09 7:17 p.m., 5 views

GHSA-4C54-JJ6J-3J34 vulnerabilities

Vulnerabilities for packages: linux-aws, linux-qemu, linux-vmware, linux-gcp, linux-azure...

5.4 AI score
Exploits 0

RedhatCVE
added 2026/05/09 2:21 a.m., 5 views

CVE-2025-63706

NPM package next-npm-version 1.0.1 is vulnerable to Command injection...

9.8 CVSS | 5.8 AI score | 0.00106 EPSS
Exploits 0 | References 1

OSV
added 2026/05/07 3:38 p.m., 2 views

GHSA-2XX6-QF7X-GRQH next-npm-version is vulnerable to Command injection

NPM package next-npm-version 1.0.1 is vulnerable to Command injection...

9.8 CVSS | 5.8 AI score | 0.00106 EPSS
Exploits 0 | References 5