6005 matches found
CVE-2024-55045
Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the taskmavobcentry function at /comm/taskcomm.c...
CVE-2024-55045
Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the taskmavobcentry function at /comm/taskcomm.c...
CVE-2024-55045
CVE-2024-55045 concerns Firmament-Autopilot’s FMT-Firmware. A buffer overflow is triggered by the function task_mavobc_entry in /comm/task_comm.c due to commit de5aec . This CVE entry, documented across multiple sources, identifies a potential network-accessible issue with low to moderate impact ...
CVE-2024-55045
Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the taskmavobcentry function at /comm/taskcomm.c...
Linux Distros Unpatched Vulnerability : CVE-2026-43418
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Prevent CID stalls due to concurrent forks A newly forked task is accounted as...
Symlink Attack
Overview github.com/hashicorp/nomad is a workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Affected versions of this package are vulnerable to Symlink Attack via shared task log directory. An attacker can read and write arbitrar...
@n8n/ai-workflow-builder (>=1.10.0 <=1.20.1), @n8n/backend-common (>=1.19.0 <=1.20.1) +8 more potentially affected by CVE-2026-44792 via @n8n/api-types (>=1.0.0-rc.0 <=1.20.0)
@n8n/api-types NPM version =1.0.0-rc.0, =1.10.0, =1.19.0, =1.0.0, =1.3.0, =1.0.0, =1.19.0, =1.0.0, =2.0.0, =2.19.0, =2.19.0, =2.20.2 Source cves: CVE-2026-44792 Source advisory: SNYK:JS-N8NAPITYPES-16726403...
CVE-2026-30635
Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...
KB5089900 - Description of the security update for SQL Server 2022 CU24: May 12, 2026
KB5089900 - Description of the security update for SQL Server 2022 CU24: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information...
KB5090408 - Description of the security update for SQL Server 2019 GDR: May 12, 2026
KB5090408 - Description of the security update for SQL Server 2019 GDR: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary...
KB5091223 - Description of the security update for SQL Server 2025 GDR: May 12, 2026
KB5091223 - Description of the security update for SQL Server 2025 GDR: May 12, 2026 Applies To SQL Server 2025 on Windows all editions, SQL Server 2025 on Linux all editions Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update Mo...
KB5090354 - Description of the security update for SQL Server 2017 CU31: May 12, 2026
KB5090354 - Description of the security update for SQL Server 2017 CU31: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This...
KB5091158 - Description of the security update for SQL Server 2022 GDR: May 12, 2026
KB5091158 - Description of the security update for SQL Server 2022 GDR: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary...
EUVD-2026-29159
Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...
automagik-genie has a command injection vulnerability
Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...
CVE-2026-30635
Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...
SUSE CVE-2026-43418
In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Prevent CID stalls due to concurrent forks A newly forked task is accounted as MMCID user before the task is visible in the process' thread list and the global task list. This creates the following problem: CPU1 CPU2...
Insertion of Sensitive Information into Log File
Overview apache-airflow-providers-elasticsearch is a Provider package apache-airflow-providers-elasticsearch for Apache Airflow Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to the grouplogsbyhost function in estaskhandler.py. An attacker...
EUVD-2026-29040
The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
EUVD-2026-29042
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...