Wireshark 安全漏洞

Wireshark is a set of network packet analysis tools developed by the Wireshark team. The software’s function is to capture network packets and display detailed data for analysis. Versions of Wireshark from 4.6.0 to 4.6.4 contained security vulnerabilities; these vulnerabilities were caused by...

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (>=0.8.3 <=0.9.5) +16 more potentially affected by CVE-2026-41383 via openclaw (>=2026.3.22 <=2026.4.12)

openclaw NPM version =2026.3.22, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =2.0.1, =0.0.7, =0.0.11 and more Source cves: CVE-2026-41383 Source advisory: SNYK:JS-OPENCLAW-16322613...

com.baoquan:verax-sdk (=1.0.0), com.easypayx:easypay-blockchain-java-sdk (>=1.0.0 <=1.0.4) +21 more potentially affected by CVE-2026-41586 via org.hyperledger.fabric-sdk-java:fabric-sdk-java (>=1.0.1 <=2.2.26)

org.hyperledger.fabric-sdk-java:fabric-sdk-java MAVEN version =1.0.1, =1.0.0, =1.0.0-RELEASE, =1.0.0-RELEASE, =0.0.1, =1.0.0, =1.0.0, =1.0, =3.16.1, =1.2.0, =1.3.0, =0.10.1, =0.11.5 and more Source cves: CVE-2026-41586 Source advisory: OSV:GHSA-PRF8-CF2X-RHX7...

beetcamp (>=0.18.0 <=0.19.3), beets-alternatives (>=0.11.0 <=0.11.1) +12 more potentially affected by CVE-2026-42052 via beets (>=1.4.9 <=2.0.0)

beets PYPI version =1.4.9, =0.18.0, =0.11.0, =0.3.1, =0.1.0, =1.1.3, =0.1.1, =0.2.0, =0.1.1, =0.4.0 - musicbot =0.9.0 Source cves: CVE-2026-42052 Source advisory: OSV:GHSA-3GXM-WFJX-M847...

EUVD-2026-26211

Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These...

CVE-2026-42249 Remote Code Execution in Ollama via Update Mechanism

Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These...

CVE-2026-42249

Ollama for Windows contains a Remote Code Execution vulnerability in its update mechanism due to improper handling of attacker‑controlled HTTP response headers. When downloading updates, the application constructs local file paths using values derived from HTTP headers without validation. These...

CVE-2026-42248

Ollama for Windows does not perform integrity or authenticity verification of downloaded update executables. Unlike other platforms, the Windows implementation of the update verification routine unconditionally returns success so no digital signature or trust validation is performed before stagin...

Pardus 注入漏洞

Pardus is a Linux distribution developed by the TUBITAK BILGEM government department in Turkey. Versions of Pardus from 0.6.4 up to 0.8.0 had a vulnerability related to injection attacks. This vulnerability stemmed from improper handling of CRLF sequences, which could lead to authentication...

Wazuh 路径遍历漏洞

Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. Versions of Wazuh from 4.4.0 to 4.14.4 contained a path traversal vulnerability. This...

Linux Distros Unpatched Vulnerability : CVE-2025-6016

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have...

PT-2026-37132

Name of the Vulnerable Software and Affected Versions Hyperledger Fabric versions 1.0.0 through 2.2.26 Description In the deprecated fabric-sdk-java client SDK, the Channel.java file implements readObject and exposes the deSerializeChannel function, both of which call ObjectInputStream.readObject...

Security Bulletin: Stored Cross-Site Scripting (XSS) in Langflow Markdown Rendering via rehypeRaw

Summary A stored cross-site scripting XSS vulnerability in Langflow allows attackers to inject and execute arbitrary HTML/JavaScript through the Playground event-streaming and Markdown rendering pipeline due to unsafe use of rehypeRaw without sanitization, potentially leading to session theft,...

CVE-2026-7040

Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minifyutf8 function is an alias for minify...

GHSA-4G9C-3X4P-MFPP Spring gRPC SecurityContext leaks across requests upon authorization failure

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

com.devskiller.friendly-id:friendly-id-openfeign (>=2.0.0-alpha3 <=2.0.0-beta5), io.github.bluetape4k:bluetape4k-spring-boot4-cassandra (>=1.5.0 <=1.7.0) +18 more potentially affected by CVE-2026-40974 via org.springframework.boot:spring-boot-cassandra (>=4.0.0 <=4.0.5)

org.springframework.boot:spring-boot-cassandra MAVEN version =4.0.0, =2.0.0-alpha3, =1.5.0, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.5 - org.springframework.boot:spring-boot-starter-data-cassan...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +5653 more potentially affected by CVE-2026-40973 via org.springframework.boot:spring-boot (>=3.5.0 <=3.5.13)

org.springframework.boot:spring-boot MAVEN version =3.5.0, =0.1.0, =0.1.0, =0.8.0, =0.7.0, =0.7.0, =0.8.0, =0.7.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.6 and more Source cves: CVE-2026-40973 Source advisory: OSV:GHSA-WWPQ-F5C3-7HVX...

VMware Spring AI 代码注入漏洞

VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities into the Spring ecosystem. Versions 1.0.0 to 1.0.5, as well as 1.1.0 to 1.1.4 of VMware Spring AI, have code injection vulnerabilities. These...

PT-2026-35688

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

PT-2026-35687

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...