EUVD-2026-36797

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service DoS condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is...

CVE-2026-41708

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service DoS condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is...

VMware Spring Cloud Config 路径遍历漏洞

VMware Spring Cloud Config is a configuration management solution for distributed systems developed by VMware, Inc. This product provides server and client support for external configurations in distributed systems. VMware Spring Cloud Config has a path traversal vulnerability, which stems from t...

n.eko 输入验证错误漏洞

n.eko is a self-hosted virtual browser developed by Miroslav Šedivý, using Docker and WebRTC. Versions 3.0.0 to 3.0.10, as well as 3.1.0 to 3.1.1, have vulnerabilities related to input validation. These vulnerabilities allow any authenticated user to instantly gain complete control over the entir...

@amitojsingh366/keepkey-hardware-controller (=0.0.10), @apsiocoin/protobuf-serialization (=0.0.1-alpha1) +178 more potentially affected by CVE-2026-5758 via protocol-buffers-schema (>=3.1.0 <=3.6.0)

protocol-buffers-schema NPM version =3.1.0, =2.0.9, =2.0.7, =2.1.2, =0.0.25, =0.0.19, =2.0.12, =2.0.11, =0.0.12, =6.1.2, =0.18.4, =0.18.4, =1.16.11, =1.4.2, =2.14.3 and more Source cves: CVE-2026-5758 Source advisory: SNYK:JS-PROTOCOLBUFFERSSCHEMA-16420259...

CVE-2025-36105

IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables...

CVE-2025-13653

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges...

PT-2025-48533

In Search Guard FLX versions from 3.1.0 up to 4.0.0 with enterprise modules being disabled, there exists an issue which allows authenticated users to use specially crafted requests to read documents from data streams without having the respective privileges...

CVE-2025-7665 Miniorange OTP Verification with Firebase 3.1.0 - 3.6.2 - Unauthenticated Privilege Escalation

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handlemofirebaseformoptions' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update the default role to...