1078 matches found
CVE-2026-41879 Weak password hashing in R-SOFT DMS
R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an attacker who obtain password hash to decode superadmin credentials. Critically, this password cannot be changed except by modifying the configuration file. This issue was fixed in version v3.17-2000...
Malicious code in rs-biginteger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 796cb1ee4c8398963dcc192d2fc9b425866f40f7a99b467cba1d160234508617 Package presents itself as a big-integer arithmetic library and ships the verbatim big.js v7.0.1 source plus its README. Injected between the P.minus...
MAL-2026-6675 Malicious code in rs-biginteger (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 796cb1ee4c8398963dcc192d2fc9b425866f40f7a99b467cba1d160234508617 Package presents itself as a big-integer arithmetic library and ships the verbatim big.js v7.0.1 source plus its README. Injected between the P.minus...
PT-2026-51658
Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E affected versions not specified Description The DVRSearch service, which runs by default on UDP port 10001, processes unauthenticated discovery and configuration messages. A stack-based buffer overflow occurs because th...
GO-2026-5042 Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs in github.com/kata-containers/kata-containers
Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs in github.com/kata-containers/kata-containers...
CVE-2026-34021
The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication path between the server and the microcontroller can sniff RS-485...
CVE-2026-34069
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain message where the...
CVE-2025-15653
Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...
CVE-2025-15653
The affected products are Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations. The vulnerability is a local privilege escalation via unprotected USB interfaces that attackers with physical access can exploit to compromise software integrity. Reported impact includes ...
PT-2026-45864
Name of the Vulnerable Software and Affected Versions Dräger Zeus Infinity Empowered Zeus IE affected versions not specified Dräger Zeus RS C500 affected versions not specified Description A local security issue exists in anesthesia workstations that allows unauthorized individuals with physical...
PT-2026-42534
Name of the Vulnerable Software and Affected Versions Kata Containers runtime-rs versions prior to 3.31.0 Description A symlink escape exists when virtiofsd is run as root with the flags --sandbox none and --seccomp none. A raw FUSE SYMLINK request allows a guest root user to create symlinks owne...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: ath9khtc: fixed potential out-of-bounds access due to an invalid rxstatus-rskeyix parameter. The rxstatus-rskeyix parameter is eventually passed to testbit, so we need to ensure that it is within the allowed range of the bitmap...
hickory-proto: NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses
The NSEC3 closest-encloser proof validation in hickory-proto's 0.25.0-alpha.3 ... 0.25.2 and hickory-net's 0.26.0-alpha.1 .. 0.26.0 DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of th...
annatar (>=0.4.3 <=0.5.8), ansi2png-rs (>=0.1.0 <=0.1.1) +62 more potentially affected by unknown CVE via imageproc (>=0.10.0 <=0.22.0)
imageproc CARGO version =0.10.0, =0.4.3, =0.1.0, =0.2.0, =0.1.5, =0.1.0, =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.1.0, =1.0.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0117...
CVE-2026-27843
A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker can...
CVE-2026-27843
A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applying unsupported or disruptive values to recovery mechanisms and network settings, an attacker can...
RS Studio Lagom WHMCS Template 安全漏洞
RS Studio Lagom WHMCS Template is a website template and front-end theme developed by the Polish company RS Studio. Versions of the RS Studio Lagom WHMCS Template prior to version 2.4.2 contained security vulnerabilities, which were caused by incorrect handling of the Datatables component. These...
GHSA-XGP8-3HG3-C2MH vulnerabilities
Vulnerabilities for packages: linkerd2-proxy, wasmcloud, py3-xet-core, zizmor, wasm-pack, linkerd2, sccache, cargo-audit, pixi, samply, tealdeer, zellij, atuin, uv, zola, qdrant, xh, rustup, wasmtime, linkerd-network-validator, ntpd-rs, buck2, berg, sqlx, parseable, ztunnel, deno, rye,...
GHSA-XGP8-3HG3-C2MH vulnerabilities
Vulnerabilities for packages: mise, qdrant, ntpd-rs, wasm-pack, rustup, samply, kdash, lakekeeper, shadowsocks-rust, garage, rye, fnm, berg, zizmor, linkerd-network-validator, komodo, ztunnel, asciinema, tealdeer, py3-xet-core, buck2, zellij, lychee, cargo-audit, atuin, linkerd-extension-init,...
GHSA-965H-392X-2MH5 vulnerabilities
Vulnerabilities for packages: mise, qdrant, ntpd-rs, wasm-pack, rustup, samply, kdash, lakekeeper, shadowsocks-rust, garage, rye, fnm, berg, zizmor, linkerd-network-validator, komodo, ztunnel, asciinema, tealdeer, py3-xet-core, buck2, zellij, lychee, cargo-audit, atuin, linkerd-extension-init,...