CVE-2026-9387
CVE-2026-9387 affects Totolink A8000RU Web Management, specifically the /cgi-bin/cstecgi.cgi function setUpgradeFW. The vulnerability arises from manipulation of the resetFlags argument, leading to OS command injection. Impact is described as remote, with high confidentiality, integrity, and avai...
Axios supply chain attack - dependency in @lightdash/cli may resolve to compromised axios versions
Impact A supply chain attack on the axios npm package versions 1.14.1 and 0.30.4 introduced a malicious transitive dependency [email protected] that deploys a cross-platform remote access trojan (RAT) on macOS, Windows, and Linux. The attacker compromised the primary axios maintainer's npm...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the Actions V2 webhook. An attacker can access internal network resources and gather information about internal services by specifying target URLs that resolve to local hosts or internal IP addresses...
Exploit for CVE-2025-1242
ICSA-26-055-03 — Gardyn Home Kit IoT Vulnerabilities CISA ICS...
Command Injection
Overview rxiv-maker is a tool for writing scientific preprints in Markdown and generating publication-ready PDFs efficiently. Affected versions of this package are vulnerable to Command Injection due to improper handling of shell commands. The upgrade command uses shell=True, which allows shell injection...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.16.4 bug fix and security update
Red Hat OpenShift Container Platform release 4.16.4 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
[slackware-security] qt (SSA:2015-111-13)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security qt SSA:2015-111-13 New qt packages are available for Slackware 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...
Debian: Security Advisory (DSA-3143-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2014-5247
The UpgradeBeforeConfigurationChange function in lib/client/gntcluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information...
UBUNTU-CVE-2014-5247
The UpgradeBeforeConfigurationChange function in lib/client/gntcluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information...
MGASA-2014-0108 Updated mariadb packages provide the latest release in the 5.5 series
Updated mariadb packages fix security vulnerabilities: MariaDB has been updated to the latest release in the 5.5 series, 5.5.36, which fixes several security vulnerabilities and other bugs. See the Release Notes for more details. Note: if upgrading the main mariadb package, you should run the...