4564 matches found

vulnersOsv
added 2026/03/02 9:43 p.m. 3 views

@amqp-contract/asyncapi (>=0.2.0 <=0.21.0), @bgd-labs/indexer-client (>=1.23.1 <=1.42.1) +38 more potentially affected by CVE-2026-28794 via @orpc/client (>=1.0.0-beta.1 <=1.13.5)

@orpc/client NPM version =1.0.0-beta.1, =0.2.0, =1.23.1, =1.8.6, =0.1.0-beta.20, =0.1.1, =0.1.0, =0.0.0, =1.0.0-beta.2, =1.0.0-beta.1, =1.10.0, =1.13.14 and more Source cves: CVE-2026-28794 Source advisory: SNYK:JS-ORPCCLIENT-15426550...

CVSS 9.8, AI score 5.4, EPSS 0.0091
Exploits: 1

Vulnrichment
added 2026/03/02 2:23 p.m. 3 views

CVE-2024-47886 Chamilo: Post-Auth Remote Code Execution

Chamilo is a learning management system. Chamilo is affected by a post-authentication phar unserialize which leads to a remote code execution (RCE) within versions 1.11.12 to 1.11.26. By abusing multiple supported features from the virtualization plugin vchamilo, the vulnerability allows an...

CVSS 8.7, AI score 6.7, EPSS 0.00905
Exploits: 1, References: 2

CNVD
added 2026/03/02 12:0 a.m. 20 views

IBM Concert has a weak cryptographic algorithm vulnerability

IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform, announced by International Business Machines (IBM) Corporation at the IBM Think conference in Boston, USA. A weak cryptographic algorithm vulnerability exis...

CVSS 7.5, AI score 7.2, EPSS 0.00137
Exploits: 0, References: 1

Github Security Blog
added 2026/03/01 1:28 a.m. 4 views

kaniko has tar archive path traversal in its build context extraction, allowing file writes outside destination directories

kaniko unpacks build context archives using `filepath.Join(dest, cleanedName)` without enforcing that the final path stays within `dest`. A tar entry like `../outside.txt` escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this ca...

CVSS 8.2, AI score 6.3, EPSS 0.00559
Exploits: 0, References: 6, Affected Software: 1

vulnersOsv
added 2026/03/01 1:18 a.m. 4 views

02url-querystring-http (>=1.0.1 <=1.0.4), 1-0-5-hai-aage-dekhte-hein-kya-aat-hai (>=1.0.5 <=1.0.6) +12780 more potentially affected by CVE-2026-3304 via multer (>=0.0.5 <=2.0.2)

multer NPM version =0.0.5, =1.0.1, =1.0.5, =2.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.3 - 6e-alpha-backend-admin =1.0.0 and more Source cves: CVE-2026-3304 Source advisory: OSV:GHSA-XF7R-HGR6-V32P...

CVSS 8.7, AI score 5.4, EPSS 0.00555
Exploits: 1

vulnersOsv
added 2026/03/01 1:0 a.m. 5 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1035 more potentially affected by CVE-2026-27167 via gradio (>=4.16.0 <=6.4.0)

gradio PYPI version =4.16.0, =0.2.2, =0.1.0, =0.2.5, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =0.1.4, =0.1.11 and more Source cves: CVE-2026-27167 Source advisory: OSV:GHSA-H3H8-3V2V-RG7M...

CVSS 5.9, AI score 5.4, EPSS 0.00453
Exploits: 1

RedhatCVE
added 2026/02/28 1:55 a.m. 4 views

CVE-2026-24497

Stack-based Buffer Overflow vulnerability in SimTech Systems, Inc. ThinkWise allows Remote Code Inclusion. This issue affects ThinkWise: from 7 through 23...

CVSS 9.8, AI score 6, EPSS 0.00336
Exploits: 0, References: 1

vulnersOsv
added 2026/02/27 10:16 p.m. 5 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1117 more potentially affected by CVE-2026-28415 via gradio (>=1.7.7 <=6.4.0)

gradio PYPI version =1.7.7, =0.2.2, =0.1.0, =0.2.5, =0.3.0, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =3.3.9 and more Source cves: CVE-2026-28415 Source advisory: OSV:PYSEC-2026-65...

CVSS 4.7, AI score 5.4, EPSS 0.00232
Exploits: 0

RedhatCVE
added 2026/02/27 10:14 a.m. 2 views

CVE-2026-1693

The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the webservices used by the WebVue, WebScheduler, TouchVue and Snapvue features of PcVue in version 12.0.0 through 16.3.3 included despite being deprecated. It might allow a remote attacker to steal user...

CVSS 7.5, AI score 6, EPSS 0.00314
Exploits: 0, References: 1

RedhatCVE
added 2026/02/27 10:14 a.m. 4 views

CVE-2026-1698

An HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

CVSS 6.1, AI score 6, EPSS 0.00207
Exploits: 0, References: 1

CNNVD
added 2026/02/27 12:0 a.m. 6 views

Canon IJ Scan Utility security vulnerability

Canon IJ Scan Utility is a scanner management software developed by the Japanese company Canon. Versions 1.1.2 to 1.5.0 of Canon IJ Scan Utility contain security vulnerabilities. These vulnerabilities stem from the unquoted Windows service executable path, which may allow local attackers to execu...

CVSS 8.4, AI score 6.7, EPSS 0.00119
Exploits: 0, References: 5

vulnersOsv
added 2026/02/26 10:47 p.m. 8 views

@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by unknown CVE via n8n (>=0.138.0 <=0.93.0)

n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: unknown CVE Source advisory: OSV:GHSA-38C7-23HJ-2WGQ...

AI score 5.8
Exploits: 0

vulnersOsv
added 2026/02/26 10:42 p.m. 6 views

@akash-aw/aw-wizard-forms (=4.14.0), @alfresco/aca-generators (>=1.0.0 <=1.0.1) +131 more potentially affected by CVE-2026-27959 via koa (>=3.0.0 <=3.1.1)

koa NPM version =3.0.0, =1.0.0, =1.0.0, =0.44.0, =0.0.0-nightly-20260213031600, =0.0.0-nightly-20260317031259, =0.0.0-nightly-20260317031259, =0.0.0-nightly-20260213031600, =2025.12.1, =2.23.0, =0.0.1, =0.20.0, =0.0.5, =2026.1.2, =2.0.0, =2.0.1 and more Source cves: CVE-2026-27959 Source advisory...

CVSS 7.5, AI score 7.7, EPSS 0.00324
Exploits: 1

vulnersOsv
added 2026/02/26 10:7 p.m. 3 views

10up-toolkit (>=6.0.0 <=6.5.1), @0ti.me/ts-test-deps (=0.2.0) +6571 more potentially affected by CVE-2026-27904 via minimatch (>=9.0.0 <=9.0.6)

minimatch NPM version =9.0.0, =6.0.0, =1.1.0-pre.1, =1.4.0, =9.1.0, =1.17.3-testing-284.48.0, =1.0.0, =1.1.6, =0.0.0-alpha.1aa37fb04f1f, =1.1.3, =1.0.6, =1.0.25 and more Source cves: CVE-2026-27904 Source advisory: OSV:GHSA-23C5-XMQV-RM74...

CVSS 7.5, AI score 7.2, EPSS 0.00455
Exploits: 1

vulnersOsv
added 2026/02/26 10:7 p.m. 2 views

@0x590fab/sdcor2 (>=4.2.1 <=4.4.0), @cenk1cenk2/renovate-config (>=2.2.33 <=2.3.94) +22 more potentially affected by CVE-2026-27904 via minimatch (>=6.0.0 <=6.2.0)

minimatch NPM version =6.0.0, =4.2.1, =2.2.33, =0.2.6-alpha-20230114225627-66f5d9eac, =0.1.7-alpha-20230114225627-66f5d9eac, =0.15.7-alpha-20230114225627-66f5d9eac, =0.1.0, =3.108.8--canary.1.4727068200.0, =0.0.0, =1.12.0, =1.0.0, =0.36.6, =0.36.6, =0.39.3-0 - editorconfig =1.0.2 and more Source...

CVSS 7.5, AI score 7, EPSS 0.00455
Exploits: 1

vulnersOsv
added 2026/02/26 3:56 p.m. 10 views

@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by unknown CVE via n8n (>=0.138.0 <=0.93.0)

n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: unknown CVE Source advisory: OSV:GHSA-F3F2-MCXC-PWJX...

AI score 5.8
Exploits: 0

IBM Security Bulletins
added 2026/02/26 12:31 p.m. 5 views

Security Bulletin: IBM DevOps Plan is vulnerable to Excessive Authentication Attempts (CVE-2025-36363)

Summary IBM DevOps Plan is vulnerable to brute force attack due to improper restriction of excessive authentication attempts. Vulnerability Details CVEID:CVE-2025-36363 DESCRIPTION: IBM DevOps Plan uses an inadequate account lockout setting that could allow a remote attacker to brute force accoun...

CVSS 7.5, AI score 5.5, EPSS 0.00252
Exploits: 0, Affected Software: 1

EUVD
added 2026/02/26 9:30 a.m. 4 views

EUVD-2026-8839

An XSS vulnerability affects the OAuth web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to trick a legitimate user into loading content from another site upon unsuccessful user...

CVSS 5.3, AI score 5.5, EPSS 0.00207
Exploits: 0, References: 2

NVD
added 2026/02/26 8:16 a.m. 9 views

CVE-2026-1697

The Secure and SameSite attributes are missing in the GraphicalData web services and WebClient web app of PcVue in version 12.0.0 through 16.3.3 included...

CVSS 6.5, EPSS 0.00117
Exploits: 0, References: 1

Vulnrichment
added 2026/02/26 7:58 a.m. 4 views

CVE-2026-1698 HTTP Host header vulnerability in WebClient and WebScheduler web apps

An HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

CVSS 5.3, AI score 5.5, EPSS 0.00207
Exploits: 0, References: 1