PT-2026-40071

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.21 Apache Tomcat versions 10.1.0-M1 through 10.1.54 Apache Tomcat versions 9.0.0.M1 through 9.0.117 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions prior to 7.0.0 Description An...

EUVD-2026-19631

A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch’s ByteBuffer is...

CVE-2026-3189

Feiyuchuixue sz-boot-parent up to 1.3.2-beta contains a server-side request forgery (SSRF) via the url parameter in the /api/admin/common/files/download endpoint. The issue can be exploited remotely and stems from inadequate validation; upgrade to 1.3.3-beta. The patch aefaabfd7527188bfba3c8c9eee...

CVE-2025-66169 Apache Camel Neo4j: Cypher injection vulnerability in Camel-Neo4j component

Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0 Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0...

CVE-2025-61672

Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeserver...

PT-2025-39691

Name of the Vulnerable Software and Affected Versions Tencent WeKnora version 0.1.0 Description A security flaw exists in Tencent WeKnora version 0.1.0. The testEmbeddingModel function within the /api/v1/initialization/embedding/test file is susceptible to server-side request forgery. Manipulatio...

CVE-2022-31027 Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator in oauthenticator

OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowedidps...

GHSA-9MQP-7V2H-2382 Denial of Service in Tensorflow

Impact The SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/sparsefillemptyrowsop.ccL235-L241 Although reverseindexmapt and gradvaluest ar...

PT-2013-1298 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Junos versions prior to 10.4R13 Junos versions 11.4 before 11.4R7 Junos versions 12.1 before 12.1R5 Junos versions 12.2 before 12.2R3 Junos versions 12.3 before 12.3R1 Description: The issue allows remote authenticated users to execute...