CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/02/10 12:0 a.m.•5 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005318)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005318 advisory. REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace...

7.5CVSS8.3AI score0.01283EPSS

Tenable Nessus•added 2026/02/10 12:0 a.m.•5 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: clickhouse (UTSA-2026-005307)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005307 advisory. An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server...

6.5CVSS5.9AI score0.00705EPSS

Tenable Nessus•added 2026/02/10 12:0 a.m.•4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005322)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005322 advisory. Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, Rack::RequestPOST reads the entire request body into memory for Content-Typ...

7.5CVSS5.6AI score0.00591EPSS

Tenable Nessus•added 2026/02/10 12:0 a.m.•3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005315)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005315 advisory. Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such...

7.5CVSS5.6AI score0.01612EPSS

Exploits1References4

Tenable Nessus•added 2026/02/10 12:0 a.m.•2 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005316)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005316 advisory. Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes befo...

7.5CVSS5.6AI score0.00848EPSS

Tenable Nessus•added 2026/02/10 12:0 a.m.•3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005324)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005324 advisory. Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser can accumulate unbounded data when a multipart...

7.5CVSS8.3AI score0.00848EPSS

Tenable Nessus•added 2026/02/10 12:0 a.m.•4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: poppler (UTSA-2026-005304)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005304 advisory. Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk...

7.1CVSS5.5AI score0.00206EPSS

Exploits1References4

Tenable Nessus•added 2026/02/10 12:0 a.m.•4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005305)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005305 advisory. Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has...

7.5CVSS5.5AI score0.01051EPSS

NVD•added 2026/02/09 10:16 p.m.•5 views

CVE-2026-25918

unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...

5.9CVSS0.00132EPSS

UbuntuCve•added 2026/02/09 10:16 p.m.•5 views

CVE-2026-25918

5.9CVSS5.9AI score0.00132EPSS

OSV•added 2026/02/09 10:16 p.m.•2 views

UBUNTU-CVE-2026-25918

5.9CVSS5.8AI score0.00132EPSS

Exploits0References5

ATTACKERKB•added 2026/02/09 9:29 p.m.•5 views

CVE-2026-25918

Exploits0References4Affected Software1

Cvelist•added 2026/02/09 9:29 p.m.•24 views

CVE-2026-25918 unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)

5.9CVSS0.00132EPSS

OSV•added 2026/02/09 9:29 p.m.•5 views

CVE-2026-25918 unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)

Vulnrichment•added 2026/02/09 9:29 p.m.•4 views

Exploits0References5

CVE-2026-25918 unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)

CVE•added 2026/02/09 9:29 p.m.•11 views

CVE-2026-25918

The CVE concerns the unity-cli tool (specifically the sign-package command in the package @rage-against-the-pixel/unity-cli). Before version 1.8.2, when invoked with --verbose, the command logs sensitive credentials in plaintext by serializing CLI arguments (including --email and --password) with...

Exploits0References3Affected Software1

CNNVD•added 2026/02/09 12:0 a.m.•3 views

unity-cli 日志信息泄露漏洞

unity-cli is a command-line utility for the Unity game engine, open-sourced by RageAgainstThePixel. Versions of unity-cli prior to 1.8.2 had a vulnerability related to log information leakage. This vulnerability stemmed from the sign-package command, which recorded sensitive credentials in plain...

5.9CVSS5.8AI score0.00132EPSS