CVE-2026-39054

Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary...

oinone-pamirs 代码注入漏洞

Oinone-Pamirs is an open-source AI-driven low-code development framework developed by Oinone. Version 7.0.0 of Oinone-Pamirs contains a code injection vulnerability. This vulnerability stems from the ScriptRunner.run method in the ScriptRunner component evaluating scripts controlled by the attack...

SUSE CVE-2026-40197

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem...

CVE-2026-41685

Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and...

CVE-2026-41685

CVE-2026-41685 affects Incus prior to 7.0.0 where authenticated users can trigger unbounded disk usage during binary import paths. The issue occurs because HTTP upload bodies are streamed into temporary host storage via io.Copy in multiple handlers (instance import, bucket backup import, volume b...

CVE-2026-40243 Incus OVN TLS verification accepts peer-supplied roots and permits endpoint impersonation

Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and replace it with...

CVE-2023-22021

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: Analytics Server. Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromis...

WSO2 Identity Server（IS） 安全漏洞

WSO2 Identity Server IS is an identity server from the US-based WSO2 Inc. A security vulnerability exists in WSO2 Identity Server IS version 7.0.0 that stems from insufficient input validation and could lead to a reflective cross-site scripting attack...

MSA Safety FieldServer 安全漏洞

MSA Safety FieldServer is a building automation solution from MSA Safety USA. A security vulnerability exists in MSA Safety FieldServer versions prior to 7.0.0, which stems from the fact that access to users inside the FieldServer gateway should be restricted to logging in locally on the device,...

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here i.e. "Bugs affecting the non-virtualization use case are not considered security bugs at this time.

...

DEBIAN-CVE-2022-35414

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translatefail path, leading to an ioreadx or iowritex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., "Bugs affecting the non-virtualization use ca...

Redis Labs Redis 代码注入漏洞

Redis Labs Redis is the United States Redis Labs, Inc. of a set of open-source use of ANSI C written to support the network , can be based on the memory can also be a persistent log-type , key-value Key-Value storage database , and provides a variety of languages API. An injection vulnerability...

NetSarang Xmanager 代码问题漏洞

NetSarang Xmanager is a powerful and convenient PC X server software package from NetSarang USA. It is used to bring UNIX/Linux desktops to Windows PCs. A security vulnerability exists in NetSarang Xmanager v7.0.0096 and below that allows attackers to execute arbitrary code via a crafted .exe fil...

多款Cisco产品处理逻辑错误漏洞

Cisco Firepower Threat Defense FTD and Cisco Adaptive Security Appliances Software ASA Software are both products of Cisco, Inc.Cisco Firepower Threat Defense is a set of unified software that provides next-generation firewall services. Defense is a set of unified software to provide...

CVE-2020-1723

A flaw was found in Keycloak Gatekeeper Louketo. The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper Louketo: 6.0.1, 7.0.0...