17 matches found

Tenable Nessus
added 2026/05/22 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-42784

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - rust-sequoia-openpgp - None Ubuntu Linux - openpgp: Don't imply missing key flags from key type CVE-2026-42784 Note that Nessus relies on the...

5.8 AI score
Exploits: 0 | References: 3
Snyk
added 2026/04/14 4:4 a.m. | 4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the getHostByName function in the v2 template engine. An attacker can cause sensitive data to be disclosed by crafting or updating templated resources that trigger DNS queries containing secret-derived values fr...

7.1 CVSS | 5.7 AI score | 0.00039 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/07 12:0 a.m. | 2 views

PT-2026-30816

Name of the Vulnerable Software and Affected Versions Checkmk versions 2.2.0 EOL, 2.3.0 through 2.3.0p45, 2.4.0 through 2.4.0p24, and 2.5.0 beta through 2.5.0b2 Description Insufficient sanitization of dashboard dashlet title links allows an attacker with dashboard creation privileges to perform...

8.5 CVSS | 5.6 AI score | 0.00035 EPSS
Exploits: 0 | References: 8
Github Security Blog
added 2026/02/19 3:17 p.m. | 10 views

Unauthorized npm publish of [email protected] with modified postinstall script

Description On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI on the NPM registry: [email protected]. The published package contains a modified package.json with an added postinstall script: "postinstall": "npm install -g...

5.6 AI score
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/01/22 2:57 p.m. | 24 views

CVE-2025-64097 NervesHub has Insufficient Token Entropy that Allows Authentication Bypass via Brute Force

NervesHub is a web service that allows users to manage over-the-air (OTA) firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of previously issued tokens...

9.5 CVSS | 0.00022 EPSS
Exploits: 0 | References: 3
RedhatCVE
added 2025/12/10 5:17 p.m. | 3 views

CVE-2023-23729

Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spectra: from n/a through 2.3.0...

5.4 CVSS | 5.1 AI score | 0.00061 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/05/15 12:0 a.m. | 2 views

WordPress plugin Tracking Code Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

4.8 CVSS | 4.8 AI score | 0.00236 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2025/02/27 3:28 p.m. | 11 views

CVE-2025-1756 MongoDB Shell may be susceptible to local privilege escalation in Windows

mongosh may be susceptible to local privilege escalation under certain conditions, potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules. This issue affects mongosh prior to 2.3.0...

7.5 CVSS | 7.5 AI score | 0.0004 EPSS
Exploits: 0 | References: 1
CNNVD
added 2024/12/13 12:0 a.m. | 1 views

djoser security vulnerability

djoser is a REST implementation of the Django authentication system open-sourced by Sunscrapers. A security vulnerability exists in djoser versions prior to 2.3.0, which stems from the system directly querying the database to grant access to users with valid credentials, making it susceptible to ...

7.1 CVSS | 6.8 AI score | 0.00152 EPSS
Exploits: 0 | References: 6
CNNVD
added 2024/12/03 12:0 a.m. | 1 views

HoDoKu security vulnerability

HoDoKu is an open source Sudoku generator/solver/analyzer written in Java. A security vulnerability exists in HoDoKu versions v2.3.0 through v2.3.2, which stems from the presence of insecure deserialization that allows an attacker to execute arbitrary code...

9.8 CVSS | 7.3 AI score | 0.00344 EPSS
Exploits: 0 | References: 1
CNNVD
added 2024/11/29 12:0 a.m. | 3 views

SFTPGo encryption issue vulnerability

SFTPGo is a full-featured and highly configurable SFTP server from the individual developer Nicola Murino in Italy. An encryption issue vulnerability exists in SFTPGo versions from 2.3.0 up to, but not including, 2.6.4, which stems from a vulnerability that allows an authenticated user to brute-force break a...

5.3 CVSS | 6.4 AI score | 0.00106 EPSS
Exploits: 0 | References: 3
CNNVD
added 2023/10/16 12:0 a.m. | 1 views

WordPress plugin Tutor LMS cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists...

5.4 CVSS | 6.2 AI score | 0.00109 EPSS
Exploits: 2 | References: 3
CNNVD
added 2022/07/15 12:0 a.m. | 0 views

EIPStackGroup OpENer buffer error vulnerability

EIPStackGroup OpENer is software from the EIPStackGroup organization for providing EtherNet/IP stacking functionality to IO adapter devices. A buffer error vulnerability exists in EIPStackGroup OpENer version v2.3.0, which stems from the discovery of a stack overflow contained via...

7.8 CVSS | 7.6 AI score | 0.00263 EPSS
Exploits: 1 | References: 3
vulnersOsv
added 2020/09/25 7:15 p.m. | 4 views

deep-floorplan (=0.0.0) potentially affected by CVE-2020-15210 via tensorflow-gpu (=2.3.0)

tensorflow-gpu PYPI version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - deep-floorplan =0.0.0 Source cves: CVE-2020-15210 Source advisory: OSV:PYSEC-2020-325...

6.5 CVSS | 6.5 AI score | 0.00329 EPSS
Exploits: 1
CNVD
added 2020/06/08 12:0 a.m. | 2 views

Zephyr Code Execution Vulnerability (CNVD-2020-35962)

Zephyr is an open source, small, scalable real-time operating system from the Linux Foundation. A security vulnerability exists in the MQTT packet length decoder in Zephyr 2.2.0 and later versions, fixed in version 2.3.0. An attacker could exploit this vulnerability to cause memory corruption and...

9.8 CVSS | 7 AI score | 0.05817 EPSS
Exploits: 0 | References: 1
OSV
added 2019/12/03 3:15 p.m. | 1 views

CVE-2019-4130

IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280...

8.8 CVSS | 7.7 AI score
Exploits: 0 | References: 2
CNVD
added 2019/07/23 12:0 a.m. | 1 views

RANGER Studio Directus Information Disclosure Vulnerability

RANGER Studio Directus is a set of open source headless CMS and API for managing custom databases from RANGER Studio, U.S.A. The Directus API is one of the components that can add a RESTful API layer to new or existing SQL databases. An information disclosure vulnerability exists in RANGER Studio...

5.3 CVSS | 6.7 AI score | 0.00423 EPSS
Exploits: 1 | References: 1