
17 matches found

NVD
added 2026/05/06 12:16 p.m. · 4 views

CVE-2026-43271

In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in process_metadata_update. The function process_metadata_update blindly dereferences the 'thread' pointer acquired via rcu_dereference_protected within the wait_event macro. While the code commen...

CVSS 5.5 · EPSS 0.00013
Exploits 0 · References 5
GitLab Advisory Database
added 2026/05/06 12:0 a.m. · 5 views

Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore

nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can upload a crafted backup archive that overwrites the application's configuration file...

CVSS 9.8 · AI score 6 · EPSS 0.00316
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2026/05/06 12:0 a.m. · 4 views

PT-2026-37611

In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in process_metadata_update. The function process_metadata_update blindly dereferences the 'thread' pointer acquired via rcu_dereference_protected within the wait_event macro. While the code...

AI score 5.8 · EPSS 0.00013
Exploits 0 · References 6
Snyk
added 2026/05/04 9:27 p.m. · 3 views

Arbitrary Code Injection

Overview: github.com/0xJacky/Nginx-UI/api/system is yet another Nginx Web UI. Affected versions of this package are vulnerable to Arbitrary Code Injection via the restore process. An attacker can execute arbitrary OS commands by uploading a crafted backup archive that overwrites the application's...

CVSS 9.8 · AI score 6 · EPSS 0.00316
Exploits 1 · References 2
ATTACKERKB
added 2026/05/04 8:13 p.m. · 3 views

CVE-2026-42238

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...

CVSS 9 · AI score 5.9 · EPSS 0.00316
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2026/05/04 8:13 p.m. · 27 views

CVE-2026-42238 Unauthenticated Remote Code Execution via Backup Restore in nginx-ui

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...

CVSS 9 · EPSS 0.00316
Exploits 1 · References 2
CNNVD
added 2026/05/04 12:0 a.m. · 4 views

Nginx UI Code Injection Vulnerability

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.8 had a code injection vulnerability. This vulnerability stemmed from the backup restoration endpoint POST /api/restore, which operates without authentication within the first 10 minutes after the process...

CVSS 9.8 · AI score 6.2 · EPSS 0.00316
Exploits 1 · References 2
OSV
added 2026/03/31 3:13 p.m. · 0 views

CVE-2026-34218 ClearanceKit: Managed and user-defined policy rules not enforced between opfilter start and first policy modification

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed MDM-delivered and user-defined...

CVSS 6.3 · AI score 5.8 · EPSS 0.00006
Exploits 1 · References 5
ATTACKERKB
added 2026/03/31 3:13 p.m. · 1 views

CVE-2026-34218

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed MDM-delivered and user-defined...

CVSS 6.3 · AI score 5.8 · EPSS 0.00006
Exploits 1 · References 4 · Affected Software 1
CVE
added 2026/03/31 3:13 p.m. · 2 views

CVE-2026-34218

ClearanceKit on macOS had a startup window where only the compile-time baseline policy was enforced by opfilter, delaying application of all managed and user-defined file-access rules until the GUI mutated policies via XPC. This allowed per-process access policies to be temporarily unenforced dur...

CVSS 6.3 · AI score 5.8 · EPSS 0.00006
Exploits 1 · References 3 · Affected Software 1
Vulnrichment
added 2026/03/31 3:13 p.m. · 0 views

CVE-2026-34218 ClearanceKit: Managed and user-defined policy rules not enforced between opfilter start and first policy modification

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed MDM-delivered and user-defined...

CVSS 6.3 · AI score 5.8 · EPSS 0.00006
Exploits 1 · References 3
OSV
added 2024/08/13 1:15 p.m. · 0 views

CVE-2024-3913

An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for a short time after system startup...

CVSS 5.9 · AI score 5.8 · EPSS 0.002
Exploits 0 · References 1
Positive Technologies
added 2023/03/17 12:0 a.m. · 1 views

PT-2023-21235 · Cilium · Cilium

Name of the Vulnerable Software and Affected Versions: Cilium version 1.13.0. Description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this...

CVSS 9.8 · AI score 7.1 · EPSS 0.00064
Exploits 0 · References 17
CNNVD
added 2023/03/17 12:0 a.m. · 1 views

Cilium Security Vulnerability

Cilium is an open source software. It is used to provide and transparently secure network connectivity and load balancing between application workloads such as application containers or processes. A security vulnerability exists in Cilium version 1.13.0 that stems from a short period of time when...

CVSS 9.8 · AI score 8.2 · EPSS 0.00064
Exploits 0 · References 4
OSV
added 2023/02/06 9:15 p.m. · 0 views

CVE-2022-42951

An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time before the cluster management authentication has started where an attacker can connect to the cluster...

CVSS 8.1 · AI score 5.8
Exploits 0 · References 3
CNNVD
added 2023/02/06 12:0 a.m. · 1 views

Couchbase Server Race Condition Vulnerability

Couchbase Server is a distributed open source NoSQL non-relational database from Couchbase Inc. in the U.S. It mainly supports data querying, full-text search and active global replication. A security vulnerability in Couchbase Server versions 6.5.x prior to 6.6.6 and 6.6.x, 7.x prior to 7.0.5, a...

CVSS 8.1 · AI score 7.7 · EPSS 0.00486
Exploits 0 · References 4
OSV
added 2022/05/14 1:4 a.m. · 0 views

GHSA-99HJ-PPG3-2XWC Cross-Site Request Forgery in Jenkins

A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after startup during which Jenkins may no longer show the 'Please wait while Jenkins is getting ready t...

CVSS 8.1 · AI score 7.3 · EPSS 0.01149
Exploits 0 · References 4