TencentOS Server 3: .NET 8.0 (TSSA-2026:0390)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0390 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVE-2026-8786

A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is...

Tencent WeKnora 授权问题漏洞

Tencent WeKnora is an enterprise-level LLM knowledge base and RAG platform developed by Tencent, a Chinese technology company. Versions of Tencent WeKnora prior to 0.3.6 contained an authorization vulnerability. This vulnerability stemmed from the function getKnowledgeBaseForInitialization in the...

TencentOS Server 3: perl:5.32 (TSSA-2026:0325)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0325 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Secret Key Exposure

Pyroscope is vulnerable to Secret Key Exposure. The vulnerability is due to improper exposure of Tencent COS storage backend configuration values through the Pyroscope API, allowing attackers with API access to retrieve the secretkey used for cloud storage authentication...

TencentOS Server 4: firefox (TSSA-2026:0292)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0292 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 4: libsoup3 (TSSA-2026:0274)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0274 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 3: go-toolset:rhel8 (TSSA-2026:0265)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0265 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: nginx:1.24 (TSSA-2026:0244)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0244 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

BIT-GRAFANA-PYROSCOPE-2025-41118 Sensitive COS `SecretKey` exposed in plaintext via configuration API due to missing type protection

Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...

CVE-2025-41118

A flaw was found in Pyroscope. When Tencent Cloud Object Storage COS is configured as the storage backend, an attacker with access to the Pyroscope API can extract the secretkey value in plaintext. This issue leads to sensitive information disclosure. Mitigation To mitigate this vulnerability,...

BIT-APISIX-2026-31924 Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

GHSA-M9HQ-H476-H2G8 Pyroscope Exposes Storage Secret

Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...

Pyroscope Exposes Storage Secret

Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...

CVE-2025-41118

Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...

CVE-2025-41118

Pyroscope (open-source continuous profiling DB) is affected when configured to use Tencent COS as the storage backend. The issue allows extraction of the secret_key configuration value from the Pyroscope API due to missing type protection, potentially exposing sensitive credentials to an attacker...

CVE-2025-41118 Sensitive COS `SecretKey` exposed in plaintext via configuration API due to missing type protection

Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...

CVE-2026-31924

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

EUVD-2026-22227

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

CVE-2026-31924 Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...