276114 matches found
parse-ini is vulnerable to Prototype Pollution in index.js()
npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...
Security Bulletin: Vulnerabilities have been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Business Automation Workflow due to the April 2026 Java CPU
Summary: WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about security vulnerabilities in IBM® SDK, Java™ Technology Edition affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability...
CVE-2026-41689
Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the webhook notification feature reuses an administrator-configured local-target allowlist for every logged-in user. Any normal user can fully control a webhook URL, headers, and body, then use...
CVE-2026-6002
CVE-2026-6002 describes an HTML/Script injection (XSS) vulnerability in DivvyDrive Information Technologies’ DivvyDrive. The issue affects DivvyDrive versions 4.8.2.9 up to, but not including, 4.8.3.2. The CVSS 3.1 base metrics indicate HIGH impact on confidentiality, integrity, and availability ...
CVE-2026-8092
Memory safety bugs present in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2, Firefox ES...
DEBIAN-CVE-2026-42285
GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go programming language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent...
Why Outdated Maintenance Software Is a Growing Ransomware Risk
Outdated maintenance software increases ransomware risk by exposing weak access controls, unpatched systems, and critical operational data to attackers...
RHSA-2026:13978 Red Hat Security Advisory: libsoup security update
Bulletin has no description...
BIT-KEYDB-2026-25588 RedisTimeSeries RESTORE invalid memory access may allow remote code execution
RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...
BELL-CVE-2026-6502
Bulletin has no description...
BELL-CVE-2026-43280 CVE-2026-43280 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-43192 CVE-2026-43192 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-43208 CVE-2026-43208 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-43144 CVE-2026-43144 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-43164 CVE-2026-43164 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-43100 CVE-2026-43100 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-43106 CVE-2026-43106 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-43095 CVE-2026-43095 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2026-43087 CVE-2026-43087 does not affect BellSoft software
Bulletin has no description...
BELL-CVE-2025-71271 CVE-2025-71271 does not affect BellSoft software
Bulletin has no description...