Amazon Linux 2 : openssh, --advisory ALAS2-2026-3320 (ALAS-2026-3320)

The version of openssh installed on the remote host is prior to 7.4p1-22. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3320 advisory. OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. CVE-2026-35388 OpenS...

Important: php8.3

Issue Overview: In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains...

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email, and chat rooms. Versions of Discourse before 2026.1.4, 2026.3.1, 2026.4.1, and 2026.5.0-latest.1 contain security vulnerabilities. These vulnerabilities st...

n8n 安全漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.33, 2.17.5, and 2.18.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification by dynamic node parameters endpoints regarding whether the authenticated...

Apache MINA 代码问题漏洞

Apache MINA is a web application framework developed by the Apache Foundation in the United States. This product is primarily used for developing high-performance and highly scalable web applications. There were code vulnerabilities in versions 2.0.0 to 2.0.27, 2.1.0 to 2.1.10, and 2.2.0 to 2.2.5...

October 安全漏洞

October is an open-source content management system CMS and network platform developed by October. Versions prior to October 3.7.14 and 4.1.10 contained security vulnerabilities. These vulnerabilities were due to issues with Twig’s sandbox security policies, which could allow backend users with...

pac4j 安全漏洞

pac4j is a simple yet powerful Java security engine developed by pac4j OpenSource. It is used to authenticate users, retrieve their configuration files, and manage authorization, thereby protecting web applications and web services. There were security vulnerabilities in versions of pac4j before...

CVE-2021-27410

The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Connectivity Engine NC...

salvo 安全漏洞

Salvo is a web framework developed by Salvo OpenSource. Versions of Salvo from 0.39.0 to 0.89.2 have security vulnerabilities. These vulnerabilities stem from the encodeurlpath function in the salvo-proxy component, which fails to normalize the "../sequence", potentially allowing for path travers...

HashiCorp Consul和HashiCorp Consul Enterprise 安全漏洞

HashiCorp Consul and HashiCorp Consul Enterprise are both products of the American company HashiCorp. HashiCorp Consul is a distributed, highly available data center awareness solution. It is used for connecting and configuring applications across dynamic distributed infrastructures. HashiCorp...

SVGO 安全漏洞

SVGO is an open-source SVG file optimization tool. Versions of SVGO prior to 2.1.0, 2.8.1, 3.0.0, 3.3.3, and 4.0.1 have security vulnerabilities due to insufficient protection against entity expansion when processing XML custom entities, which may lead to denial-of-service attacks...

Discourse 安全漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse before 2025.12.2, 2026.1.1, and 2026.2.0 contain security vulnerabilities. These vulnerabilities stem...

CVE-2025-13942

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17ABUP.15.1C0 could allow a remote attacker to execute operating system OS commands on an affected device by sending specially crafted UPnP SOAP requests...

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions 4.5.0-RC1 to 4.16.18 and 5.0.0-RC1 to 5.8.22 of Craft CMS have security vulnerabilities. These vulnerabilities stem from TOCTOU race conditions in the token verification service, which may allow a single-use...

kargo 安全漏洞

Kargo is an open-source continuous delivery tool developed by Akuity. Versions of Kargo from 1.7.0 to 1.7.8, as well as versions before 1.8.11 and 1.9.3, contain security vulnerabilities. These vulnerabilities stem from the batch resource creation endpoints accepting specially crafted YAML...

IBM Security QRadar EDR 代码问题漏洞

IBM Security QRadar EDR is a terminal detection and response software developed by the American multinational company IBM. There are code-related vulnerabilities in versions 3.12 to 3.12.23 of IBM Security QRadar EDR. These vulnerabilities stem from the failure to invalidate sessions after they...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions prior to 18.6.6,...

OpenVPN security vulnerabilities

OpenVPN is a software package developed by OpenVPN Inc. in the United States, used to create encrypted VPN tunnels. It utilizes the OpenSSL library to encrypt data and control information, and allows the created VPNs to use public keys, electronic certificates, or username/password for...

Docmost security vulnerabilities

Docmost is an open-source collaborative wiki and documentation software developed by Docmost. Versions of Docmost prior to 0.24.0 contained security vulnerabilities. These vulnerabilities stemmed from the ZIP import function’s lack of filename validation, which could lead to arbitrary file writin...

CVE-2018-18631

mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS...