17 matches found
GHSA-5XRQ-8626-4RWP When Vitest UI server is listening, arbitrary file can be read and executed
Summary: Arbitrary file can be read on Windows when Vitest UI server is listening, especially when exposed to the network. Impact: Only users that match either of the following conditions are affected: - explicitly exposes the Vitest UI server to the network using --api.host or api.host config opti...
CLEANSTART-2026-FO93349 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-33186, CVE-2026-40890, ghsa-77fj-vx54-gvh7, ghsa-p77j-4mvh-x3m3 applied in versions: 2.44.0-r0, 2.48.2-r0
Multiple security vulnerabilities affect the temporal-ui-server-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-40890 vulnerabilities
Vulnerabilities for packages: temporal, fq, kube-metrics-adapter, temporal-ui-server, snyk-cli...
GHSA-77FJ-VX54-GVH7 vulnerabilities
Vulnerabilities for packages: temporal, fq, kube-metrics-adapter, temporal-ui-server, snyk-cli...
GHSA-77FJ-VX54-GVH7 vulnerabilities
Vulnerabilities for packages: temporal-ui-server-fips, gotenberg, temporal, fq, kube-metrics-adapter-fips, snyk-cli, temporal-ui-server, kube-metrics-adapter, temporal-fips...
CVE-2026-40890 vulnerabilities
Vulnerabilities for packages: temporal-ui-server-fips, gotenberg, temporal, fq, kube-metrics-adapter-fips, snyk-cli, temporal-ui-server, kube-metrics-adapter, temporal-fips...
GHSA-5W89-2C2X-6X66 vulnerabilities
Vulnerabilities for packages: kubevirt-cdi-apiserver, rabbitmq-messaging-topology-operator-fips, cilium-certgen, kubebuilder, libnvidia-container-fips, nri-memcached, contour-fips, vendir, terraform-provider-sendgrid-fips, dataplaneapi-fips, terraform-provider-kubernetes, flagger-fips,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: kubevirt-cdi-apiserver, mc-fips, cilium-certgen, db-operator, rabbitmq-messaging-topology-operator-fips, timoni, kubebuilder, runc, tekton-pipelines-fips, sonobuoy-fips, longhorn-share-manager, traefik, prometheus-elasticsearch-exporter-fips, logstash-exporter-fips,...
The vulnerability of the GetConfPath() function in the Nginx UI server’s user interface allows a hacker to write arbitrary files.
The vulnerability of the GetConfPath function in the Nginx UI server’s user interface is related to the improper handling of JSON fields, resulting in incorrect values being retrieved without proper validation. This issue arises due to a faulty restriction on the path to the restricted directory...
ui-server security vulnerability
ui-server is an open source library from temporal.io. A security vulnerability exists in ui-server versions prior to 2.25.0, which stems from a cross-site scripting (XSS) vulnerability in the timeline page...
The vulnerability of the app.ini configuration file of the Nginx UI server allows a hacker to execute arbitrary code.
The vulnerability of the app.ini configuration file of the Nginx UI server involves a lack of measures to eliminate special elements during the processing of parameters testconfigcmd and startcmd. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of the Nginx UI server’s user interface allows attackers to cause service failures, increase their privileges, and expose sensitive information.
The vulnerability of the Nginx UI server’s user interface is related to the lack of measures taken at the management level to clean data. Exploiting this vulnerability can allow a remote attacker to cause service failures, increase their privileges, and expose sensitive information through a...
The vulnerability of the Nginx UI server’s user interface allows a hacker to execute arbitrary commands.
The vulnerability of the Nginx UI server’s user interface is related to the lack of measures taken at the management level to clean data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by modifying the startcmd parameter...
SUSE CVE-2017-14807
An Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects:...
PT-2023-10202 · Unknown · Fumon Trello-Octometric
Name of the Vulnerable Software and Affected Versions: Fumon trello-octometric (affected versions not specified). Description: A critical issue has been found in Fumon trello-octometric, affecting the main function of the file metrics-ui/server/srv.go. The manipulation of the num argument leads to s...
CVE-2017-14807
An Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects:...
The vulnerability of the UploadFileOnUIServerServlet component in the HPE UCMDB database configuration units allows an attacker to execute arbitrary code.
The vulnerability of the UploadFileOnUIServerServlet component in the HPE UCMDB Universal Configuration Management Database is related to deficiencies in path name validation for restricted access directories. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code i...