CVE-2026-38360

CVE-2026-38360 affects fohrloop dash-uploader, with directory traversal in dash_uploader/httprequesthandler.py affecting versions 0.1.0 through 0.7.0a2. The vulnerability arises from unvalidated user-supplied values used in get_temp_root (upload_id), resumableFilename, and resumableIdentifier, wh...

Heimdall 安全漏洞

Heimdall is an open-source application panel and launcher developed by LinuxServer.io. Versions of Heimdall prior to 0.17.14 contained security vulnerabilities. These vulnerabilities stemmed from the use of the original request path for rule matching. Downstream components might normalize the que...

i18next-http-middleware 路径遍历漏洞

i18next-http-middleware is an open-source HTTP internationalization middleware for Node.js and Deno by i18next. Versions of i18next-http-middleware prior to version 3.9.3 contained a path traversal vulnerability. This vulnerability stemmed from the lack of cleaning user-controlled lng and ns...

n8n-MCP 安全漏洞

n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. It serves as a connection between AI assistants and automated workflow platforms. Versions of n8n-MCP from 2.18.7 to 2.50.2 contained security vulnerabilities. These vulnerabilities were caused b...

Gitroom Postiz 代码注入漏洞

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Previous versions of Gitroom Postiz had a code injection vulnerability. This vulnerability stemmed from a Pwn Request vulnerability present in the workflow for building and publishing PR Docker images, which could...

CVE-2024-30167

/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter...

PT-2026-39033

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the net: dsa: microchip component where the ksz ptp irq setup function fails to dispose of a newly created IRQ mapping if the request threaded irq function fails durin...

Linux Distros Unpatched Vulnerability : CVE-2026-40214

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Cyborg before 16.0.1, the Accelerator Request ARQ API does not enforce project ownership at any layer. The projectid column in the database is neve...

PT-2026-39242

Name of the Vulnerable Software and Affected Versions Volcano versions prior to 1.14.2 Volcano versions prior to 1.13.3 Volcano versions prior to 1.12.4 Description The Volcano webhook server fails to enforce a size limit on incoming HTTP request bodies. This allows any in-cluster pod capable of...

PT-2026-39216

Name of the Vulnerable Software and Affected Versions Postiz versions 2.21.6 through 2.21.6 Description Authenticated users with post creation privileges can store arbitrary HTML within post content by tampering with their save request. This content is then rendered on the main application origin...

PT-2026-39257

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The Network Exposure Function NEF mounts the 'nnef-oam' route group without requiring inbound OAuth2 or bearer-token authorization. A network attacker with access to the NEF on the Service Based...

Flarum 路径遍历漏洞

Flarum is an open-source forum software developed by Flarum for building communities. Versions of Flarum prior to 1.8.16 and 2.0.0-rc.1 contained a path traversal vulnerability. This vulnerability stemmed from the lack of restrictions on the values of LESS configuration variables, which could lea...

FastGPT 代码问题漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.14.17 contained code vulnerabilities. These vulnerabilities stemmed from the fetchData function in the lafModule workflow node, which used axios t...

Heimdall 安全漏洞

Heimdall is an open-source identity recognition proxy and access control decision-making service developed by dadrus for cloud-native applications. Versions of Heimdall prior to 0.17.14 contained security vulnerabilities. These vulnerabilities stemmed from the use of hostname matching in a...

PT-2026-39150

Name of the Vulnerable Software and Affected Versions fohrloop dash-uploader versions 0.1.0 through 0.7.0a2 Description A directory traversal issue allows a remote attacker to execute arbitrary code. This is possible through the dash uploader/httprequesthandler.py component, specifically within t...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the usb image mdc800 driver failing to terminate downloadurb when it is in a hyper-threaded state...

PT-2026-39302

Name of the Vulnerable Software and Affected Versions view component versions 3.0.0 through 4.8.x Description The preview route derives an example name from the URL and invokes it using public send without verifying if the requested method is an explicitly defined preview example. This allows...

Node.js Module axios < 1.15.1 Multiple Vulnerabilities

The version of the axios Node.js module installed on the remote host is prior to 1.15.1. It is, therefore, affected by multiple vulnerabilities: - Prototype pollution gadgets in axios allow response tampering, data exfiltration, and request hijacking. CVE-2026-42033 - Axios' HTTP adapter-streamed...

Linux Distros Unpatched Vulnerability : CVE-2026-43425

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: image: mdc800: kill download URB on timeout mdc800deviceread submits downloadurb and waits for completion. If the timeout fires and the device has not...

Fedora 43 : perl-Starman (2026-b94aad33a5)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b94aad33a5 advisory. Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes Content-Length over...