2773 matches found
CVE-2026-10771
CVE-2026-10771 affects crmeb_crmeb_java 1.4. The vulnerability targets the function RestTemplate.getForEntity in the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint. Manipulating the argument url results in a server-side request...
ROOT-OS-UBUNTU-2204-CVE-2026-27456 CVE-2026-27456 in rootio-util-linux - Patched by Root
Root has patched CVE-2026-27456 in the rootio-util-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
Malicious Package
Overview: buffer-util-extend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
symfony/ux-autocomplete Information exposure via unescaped LIKE wildcards in EntitySearchUtil
More info at https://github.com/symfony/ux/security/advisories/GHSA-946h-jp5c-8fvh...
CVE-2026-38808
SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...
CVE-2026-9828 Logback deserialization whitelist bypass for java.lang and java.util
Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...
EUVD-2026-32895
Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...
CVE-2026-9828
Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...
ROOT-OS-DEBIAN-13-CVE-2026-3184 CVE-2026-3184 in rootio-util-linux - Patched by Root
Root has patched CVE-2026-3184 in the rootio-util-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2025-14104 CVE-2025-14104 in rootio-util-linux - Patched by Root
Root has patched CVE-2025-14104 in the rootio-util-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2026-27456 CVE-2026-27456 in rootio-util-linux - Patched by Root
Root has patched CVE-2026-27456 in the rootio-util-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2025-14104 CVE-2025-14104 in rootio-util-linux - Patched by Root
Root has patched CVE-2025-14104 in the rootio-util-linux package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2022-0563 CVE-2022-0563 in rootio-util-linux - Patched by Root
Root has patched CVE-2022-0563 in the rootio-util-linux package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-27456 CVE-2026-27456 in rootio-util-linux - Patched by Root
Root has patched CVE-2026-27456 in the rootio-util-linux package for Root:Debian:12. Multiple fixed versions available...
ROOT-OS-DEBIAN-12-CVE-2026-3184 CVE-2026-3184 in rootio-util-linux - Patched by Root
Root has patched CVE-2026-3184 in the rootio-util-linux package for Root:Debian:12. Multiple fixed versions available...
CVE-2026-38808
CVE-2026-38808 is a SQL Injection vulnerability affecting uzy-ssm-mall v1.1.0. The issue is reachable via the ProductMapper.xml and OrderUtil.java components, enabling a remote attacker to obtain sensitive information. The CVSS 3.1 vector indicates network access, low attack complexity, no privil...
uzy-ssm-mall security vulnerability
uzy-ssm-mall Yuzu Cloud E-commerce Mall is an SSM framework developed by the developer ghostxbh. It is used to create e-commerce stores, bookstore stores, and customer management systems. Version 1.1.0 of uzy-ssm-mall contains security vulnerabilities. These vulnerabilities stem from SQL injectio...
Malicious code in datapipe-util (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 74a9da1afe75ec2379c4bade6ac5145c920900e1a1e1173d59b9003061e3fb0f The package intentionally uses the malicious binproto package deploying the malware. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...
Buffer Overflow
Overview: Affected versions of this package are vulnerable to Buffer Overflow in the PathSwitchRequest process. An attacker can cause memory corruption by sending specially crafted requests remotely to the affected component. Remediation: Upgrade github.com/omec-project/amf/util to version 2.2.0 or...
SUSE-SU-2026:21727-1 Security update for util-linux
This update for util-linux fixes the following issue - CVE-2026-27456: TOCTOU in the mount program when setting up loop devices bsc1261606...