162637 matches found
RockyLinux 10 : postgresql16 (RLSA-2026:19010)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19010 advisory. postgresql: PostgreSQL oidvector discloses a few bytes of memory CVE-2026-2003 postgresql: PostgreSQL missing validation of multibyte character length...
PT-2026-46127
Name of the Vulnerable Software and Affected Versions Docling versions prior to 2.94.0 Description The HTML backend fails to perform sufficient validation during resource handling. This allows local file system access via file:// URIs when enable local fetch is set to True, and enables path...
MBS多款产品 安全漏洞
MBS Single-A and other products are a series of industrial communication gateways developed by the German company MBS. Several MBS products have security vulnerabilities. These vulnerabilities stem from insufficient validation of user-controlled inputs using the ugw-logstop method, which could...
AlmaLinux 10 : flatpak (ALSA-2026:21757)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21757 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on ho...
MiracleLinux 8 : flatpak-1.12.9-4.el8_10 (AXSA:2026-753:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-753:02 advisory. flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on...
PT-2026-45961
A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the allow origin pat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This...
Cisco Webex Meetings 跨站脚本漏洞
Cisco Webex Meetings is a video conferencing solution provided by the American company Cisco. Cisco Webex Meetings has a cross-site scripting vulnerability, which stems from insufficient user input validation. This vulnerability could allow unauthenticated remote attackers to carry out cross-site...
PT-2026-45988
Name of the Vulnerable Software and Affected Versions Cisco Webex Meetings affected versions not specified Description Insufficient validation of user input in the web-based user interface allows an unauthenticated remote attacker to conduct a cross-site scripting XSS attack. An attacker could...
CVE-2026-37460
CVE-2026-37460 affects FRRouting (FRR) stable/10.0–10.6. The issue is in the rfapiRibBi2Ri() function (rfapi_rib.c) where missing input validation can be triggered by a crafted BGP UPDATE message, leading to Denial of Service. Connected sources consistently describe the same flaw and affected ran...
CVE-2026-9732 EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update
The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...
CVE-2026-9732 EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update
The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...
CVE-2026-32625
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...
CVE-2026-2614
A flaw was found in mlflow. An unauthenticated remote attacker can exploit a vulnerability in the createmodelversion handler by including a specific tag, mlflow.prompt.isprompt, in a CreateModelVersion request. This bypasses source path validation, allowing the attacker to specify an arbitrary...
EUVD-2026-34046
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...
CVE-2026-32625
LibreChat vulnerability CVE-2026-32625 affects versions up to 0.8.3 where MCP server URL validation expands ${VAR} against process.env during Zod schema checks. An authenticated user can configure a malicious MCP URL to exfiltrate secrets (CREDS_KEY, CREDS_IV, JWT_SECRET, MONGO_URI) to an attacke...
CVE-2026-9096
Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse never reads this field, meaning that time bounds are...
CVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509
x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...
EUVD-2026-34032
CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...
CVE-2026-45289 CloudburstMC Protocol: Partially missing validation for FULL type authentication tokens
CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...
CVE-2026-45289 CloudburstMC Protocol: Partially missing validation for FULL type authentication tokens
CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens Cloudburst/Protocol. This vulnerability impacts publicly accessible software...