73 matches found
CVE-2026-43967
Summary: CVE-2026-43967 affects Absinthe (Elixir/absinthe-graphql). The vulnerability arises in the fragment-name validation phase where UniqueFragmentNames:run/2 checks each fragment name by counting matches with a full linear scan, yielding O(N^2) comparisons per document. With attacker-control...
Fedora 43 : rust-rpm-sequoia (2026-a80c26d6f3)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a80c26d6f3 advisory. Update to version 1.10.2. Addresses CVE-2026-2625. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note tha...
CVE-2026-28373
The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryption functionality when processing the filePath property. A malicious export can write arbitrary content to any path on the victim's filesystem...
Stackfield Desktop App Security Vulnerability
The Stackfield Desktop App is a project management tool developed by the German company Stackfield. Versions of the Stackfield Desktop App prior to 1.10.2 contained security vulnerabilities. These vulnerabilities stemmed from specific decryption functions that allowed path traversal when handling...
Graphiti Security Vulnerability
Graphiti is a framework developed by Zep for building temporal context graphs for AI agents. Versions of Graphiti prior to 1.10.2 contained security vulnerabilities. These vulnerabilities stemmed from the JSONAPI writing feature not verifying the relationship names provided by users, which could...
CVE-2026-33022 Tekton Pipelines: Controller can panic when setting long resolver names in TaskRun/PipelineRun
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability that allows any user who can create a TaskRun or...
Fedora: Security Advisory (FEDORA-2026-9ba46f22d5)
The remote host is missing an update for the...
Exploit for CVE-2024-58290
CVE-2024-58290-Xhibiter-SQLi Proof of Concept PoC for SQL In...
CVE-2025-66518
Any client who can access Apache Kyuubi Server via Kyuubi frontend protocols can bypass the server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade t...
PT-2026-1236
Name of the Vulnerable Software and Affected Versions Apache Kyuubi versions 1.6.0 through 1.10.2 Description A client with access to the Apache Kyuubi Server through Kyuubi frontend protocols can bypass the server-side configuration kyuubi.session.local.dir.allow.list and access local files not...
CVE-2024-58290
Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or...
DeoThemes Xhibiter NFT Marketplace SQL Injection Vulnerability
DeoThemes Xhibiter NFT Marketplace is a website builder from DeoThemes, Inc. A SQL injection vulnerability exists in DeoThemes Xhibiter NFT Marketplace version 1.10.2, which originates from an SQL injection in the id parameter in the collections endpoint, which could lead to the disclosure or...
EUVD-2022-3515
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-4922
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nomad Community and Nomad Enterprise Nomad prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified a...
Linux Distros Unpatched Vulnerability : CVE-2016-9813
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The parsepat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) vi...
CVE-2025-4922
Nomad Community and Nomad Enterprise “Nomad” prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14...
CVE-2024-33831
A stored cross-site scripting (XSS) vulnerability in the Advanced Expectation - Response module of yapi v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the body field...
PYSEC-2024-201
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a victim into clicking on...
PT-2024-34657 · Octoprint · Octoprint
Name of the Vulnerable Software and Affected Versions: OctoPrint versions up to and including 1.10.2 Description: OctoPrint provides a web interface for controlling consumer 3D printers. The issue allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browse...
PT-2024-33491 · Octoprint · Octoprint
Name of the Vulnerable Software and Affected Versions: OctoPrint versions up to and including 1.10.2 Description: OctoPrint provides a web interface for controlling consumer 3D printers. The software contains reflected XSS vulnerabilities in the login dialog and the standalone application key...