ALPINE-CVE-2026-27623

Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assertion. When processing incoming requests, the Valkey system does not properly reset the networking...

PT-2026-7176

Name of the Vulnerable Software and Affected Versions ZAI Shell versions prior to 9.0.3 Description ZAI Shell, an autonomous SysOps agent, has an issue in its P2P terminal sharing feature share start. Before version 9.0.3, this feature opens a TCP socket on port 5757 without authentication. A...

CVE-2026-25597

Summary (CVE-2026-25597): PrestaShop prior to 8.2.4 and 9.0.3 exposes a time-based user enumeration vulnerability in the login/authentication flow, allowing an attacker to deduce whether a customer account exists by measuring response times. The issue is fixed in versions 8.2.4 and 9.0.3. Impact ...

CVE-2026-25597 PrestaShop has a time based enumeration in FO login form

PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by...

CVE-2026-25597

PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by...

CVE-2026-25597 PrestaShop has a time based enumeration in FO login form

PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by...

CVE-2026-24740

CVE-2026-24740 summary (Dozzle) : Dozzle’s agent-backed shell endpoints permit a user restricted by a per-user label filter (for example, label=env=dev) to obtain an interactive root shell in containers outside the user’s label scope (for example, env=prod) on the same agent host. The root cause ...

CVE-2026-24740

Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agen...

EUVD-2026-4741

Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agen...

CVE-2025-15128

ZKTeco BioTime Endpoint (affected: up to 9.0.3/9.0.4/9.5.2) contains a vulnerability in the file /base/safe_setting/ within the Endpoint component. Manipulating the arguments backup_encryption_password_decrypt/export_encryption_password_decrypt can lead to unprotected storage of credentials. Remo...

EUVD-2012-4476

Malware in sbrugna...

O2OA 安全漏洞

O2OA is an enterprise application development platform from O2OA open source. A security vulnerability exists in O2OA version 9.0.3, which stems from mishandling of the mainOutput function and could lead to remote code execution...

PT-2025-34929 · O2Oa · O2Oa

Name of the Vulnerable Software and Affected Versions: O2OA version 9.0.3 Description: O2OA version 9.0.3 contains a remote code execution RCE issue via the mainOutput function. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerabilit...

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses starlette-0.38.6-py3-none-any.whl which is vulnerable to this CVE-2024-47874

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses starlette-0.38.6-py3-none-any.whl which is vulnerable to this CVE-2024-47874 Vulnerability Details CVEID:CVE-2024-47874 DESCRIPTION: Starlette is an Asynchronous Server Gateway Interface ASGI...

CVE-2024-0317

Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 'sfname' parameters to an authenticated user to retrieve their session details...

Grafana Labs Stored XSS (CVE-2022-31097)

According to its self-reported version number, the version of Grafana Labs running on the remote host is affected by a stored cross-site scripting vulnerability: - XSS vulnerability in the Unified Alerting feature of Grafana. After analysis, this stored XSS could be used to elevate privileges fro...

MAL-2023-1125 Malicious code in bjss-atp-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7046ba13fe73d317a4a8d1b70db5fcb53d3b4e6c05b9682fa438e6dc855834ea The OpenSSF Package Analysis project identified 'bjss-atp-web' @ 9.0.3 npm as malicious. It is considered malicious because: - The package...

GHSA-C429-5P7V-VGJP hoek subject to prototype pollution via the clone function.

hoek versions prior to 8.5.1, and 9.x prior to 9.0.3 are vulnerable to prototype pollution in the clone function. If an object with the proto key is passed to clone the key is converted to a prototype. This issue has been patched in version 9.0.3, and backported to 8.5.1...

DEBIAN-CVE-2020-36604

hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function...

CVE-2020-36604

hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function...