16 matches found
ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +62 more potentially affected by CVE-2026-41712 via org.springframework.ai:spring-ai-openai (>=1.1.0-M1 <=1.1.5)
org.springframework.ai:spring-ai-openai MAVEN version =1.1.0-M1, =0.1.0, =0.1.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.6.0, =1.21.2, =1.1.0.0, =1.1.0.0, =1.1.2.3 and more Source cves: CVE-2026-41712 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16624639...
PT-2026-35687
SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...
CVE-2026-34581
CVE-2026-34581 affects goshs, a SimpleHTTPServer written in Go. From version 1.1.0 up to before 2.0.0-beta.2, using a Share Token can bypass the intended restricted file download and grant full access, including code execution. This is mitigated in version 2.0.0-beta.2. Remediation: upgrade to 2....
org.springframework.ai:spring-ai-starter-vector-store-redis (>=1.1.0 <=1.1.3) potentially affected by CVE-2026-22744 via org.springframework.ai:spring-ai-redis-store (>=1.1.0-M1 <=1.1.3)
org.springframework.ai:spring-ai-redis-store MAVEN version =1.1.0-M1, =1.1.0, =1.1.3 Source cves: CVE-2026-22744 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-15791529...
CVE-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates
Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...
WordPress RESTful Content Syndication plugin 1.1.0 - 1.5.0 - Authenticated (Author+) Arbitrary File Upload vulnerability
WordPress RESTful Content Syndication plugin 1.1.0 - 1.5.0 - Authenticated Author+ Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin RESTful Content Syndication versions 1.1.0-1.5.0...
CVE-2025-62610 Hono Improperly Authorizes JWT Audience Validation
Hono is a Web application framework that provides support for any JavaScript runtime. In versions from 1.1.0 to before 4.10.2, Hono’s JWT Auth Middleware does not provide a built-in aud Audience verification option, which can cause confused-deputy / token-mix-up issues: an API may accept a valid...
CVE-2025-1761
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory...
CVAT.ai CVAT Authorization Issue Vulnerability
CVAT.ai CVAT is an open source data processing tool from CVAT.ai. An authorization issue vulnerability exists in CVAT.ai CVAT versions 1.1.0 to 2.41.0, which stems from not enforcing email validation, and could lead to account creation and bot registration using a fake email address...
ViewVC Path Traversal Vulnerability
ViewVC is an open source, Web-based browsing tool for CVS and SVN code repositories. A path traversal vulnerability exists in ViewVC versions 1.1.0 to 1.1.31 and 1.2.0 to 1.2.3. It stems from a directory traversal in the standalone.py script, which could lead to the disclosure of the contents of t...
Symfony Security Vulnerability
Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony, Inc. A security vulnerability exists in Symfony versions 1.1.0 through 1.5.19 and earlier. An attacker can exploit this vulnerability to remotely execute code...
@edropin/canvas (>=1.1.0 <=2.0.0), @launchtray/hatch-test-pdf (>=0.11.2 <=0.23.0-alpha.17) +15 more potentially affected by unknown CVE via pdf-image (>=1.1.0 <=2.0.0)
pdf-image NPM version =1.1.0, =1.1.0, =0.11.2, =0.2.0, =0.0.2, =0.13.0-beta.1, =0.0.2, =0.0.12, =0.19.5, =0.0.2, =0.1.1, =0.3.0, =0.1.1, =1.0.0, =1.0.0, =1.0.5 and more Source cves: unknown CVE Source advisory: SNYK:JS-PDFIMAGE-6424686...
svelecte-element (>=1.0.0 <=1.4.1) potentially affected by CVE-2023-38687 via svelecte (>=1.1.0 <=1.4.1)
svelecte NPM version =1.1.0, =1.0.0, =1.4.1 Source cves: CVE-2023-38687 Source advisory: OSV:GHSA-7H45-GRC5-89WQ...
Apache InLong Security Vulnerability
Apache InLong is a one-stop massive data integration framework from the Apache Foundation of the United States. A security vulnerability exists in Apache InLong versions 1.1.0 through 1.6.0, which stems from an application that does not set a complexity requirement for user passwords, and can be...
OpenSSL Information Disclosure Vulnerability (CNVD-2019-38485)
OpenSSL is an open source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms,...
IBM QRadar Advisor with Watson Information Disclosure Vulnerability
IBM QRadar Advisor with Watson is a suite of security threat analysis solutions from IBM USA. The product includes features such as security threat response and threat probing. A security vulnerability exists in IBM QRadar Advisor with Watson versions 1.1.0 through 1.14.0. An attacker could explo...