Lucene search

4564 matches found

vulnersOsv
added 2026/03/12 10:39 p.m., 4 views

0utmailauth (=1.0.0), @1023-ventures/ursa-core (>=0.5.2 <=0.5.3) +1997 more potentially affected by CVE-2026-1526 via undici (>=6.0.1 <=6.23.0)

undici NPM version =6.0.1, =0.5.2, =0.5.2, =0.4.2, =0.5.116, =1.3.7, =1.3.7, =1.3.7, =1.0.0, =1.0.0, =0.1.5-alpha.0, =1.0.9-beta.0, =0.5.21, =0.5.43 and more Source cves: CVE-2026-1526 Source advisory: SNYK:JS-UNDICI-15518068...

CVSS 7.5, AI score 6.8, EPSS 0.00641, Exploits 0
vulnersOsv
added 2026/03/12 8:17 p.m., 2 views

@01.software/cli (>=0.1.1 <=0.2.0-dev.260310.cf511cb), @01.software/sdk (>=0.0.1-251008.90016 <=0.3.0) +384 more potentially affected by CVE-2026-1527 via undici (>=7.0.0-alpha.3 <=7.22.0)

undici NPM version =7.0.0-alpha.3, =0.1.1, =0.0.1-251008.90016, =0.0.6, =0.0.1, =0.0.2, =0.0.33, =0.0.1, =1.0.0, =21.0.0, =21.0.0, =0.5.0, =1.0.1, =2.8.7 and more Source cves: CVE-2026-1527 Source advisory: SNYK:JS-UNDICI-15518072...

CVSS 4.6, AI score 6.7, EPSS 0.00256, Exploits 0
vulnersOsv
added 2026/03/12 7:56 p.m., 4 views

@01.software/cli (>=0.1.1 <=0.2.0-dev.260310.cf511cb), @01.software/sdk (>=0.0.1-251008.90016 <=0.3.0) +384 more potentially affected by CVE-2026-1525 via undici (>=7.0.0-alpha.3 <=7.22.0)

undici NPM version =7.0.0-alpha.3, =0.1.1, =0.0.1-251008.90016, =0.0.6, =0.0.1, =0.0.2, =0.0.33, =0.0.1, =1.0.0, =21.0.0, =21.0.0, =0.5.0, =1.0.1, =2.8.7 and more Source cves: CVE-2026-1525 Source advisory: SNYK:JS-UNDICI-15518061...

CVSS 9.8, AI score 6.7, EPSS 0.00493, Exploits 0
vulnersOsv
added 2026/03/12 6:44 p.m., 5 views

@tinacms/app (>=0.0.0-00aadfd-20260223215804 <=2.3.26), @tinacms/cli (>=0.0.0-00aadfd-20260223215804 <=2.1.7) +7 more potentially affected by CVE-2026-29066 via @tinacms/schema-tools (>=2.0.0 <=2.6.0)

@tinacms/schema-tools NPM version =2.0.0, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =2.0.0, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804,...

CVSS 6.2, AI score 5.8, EPSS 0.01025, Exploits 1
vulnersOsv
added 2026/03/12 12:30 p.m., 4 views

@backingman/keycloak (=0.0.0-alpha), @backstage-community/plugin-catalog-backend-module-keycloak (>=3.1.1 <=3.17.2) +86 more potentially affected by CVE-2026-2366 via @keycloak/keycloak-admin-client (>=15.1.0 <=26.5.5)

@keycloak/keycloak-admin-client NPM version =15.1.0, =3.1.1, =0.1.1, =0.1.1, =0.1.1, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =2.0.2 and more Source cves: CVE-2026-2366 Source advisory: OSV:GHSA-R8JR-WG88-FQ5C...

CVSS 3.1, AI score 5.8, EPSS 0.00275, Exploits 0
vulnersOsv
added 2026/03/12 12:30 p.m., 3 views

lightrft (=0.1.0), rl-square (=0.0.1.post1) potentially affected by CVE-2026-3060 via sglang (>=0.4.5 <=0.4.6.post5)

sglang PYPI version =0.4.5, =0.4.6.post5 is affected by a known vulnerability. The following packages have a transitive dependency on sglang and may be impacted: - lightrft =0.1.0 - rl-square =0.0.1.post1 Source cves: CVE-2026-3060 Source advisory: OSV:GHSA-JX93-G359-86WM...

CVSS 9.8, AI score 6.9, EPSS 0.01158, Exploits 1
CNNVD
added 2026/03/12 12:0 a.m., 3 views

LXD security vulnerability

LXD is a Canonical open-source container-based system for managing applications on Linux systems. Security vulnerabilities exist in LXD versions 4.12 to 6.6, which stem from improper cleaning of the compressionalgorithm parameter. This vulnerability could allow authenticated non-privileged users ...

CVSS 9.4, AI score 5.9, EPSS 0.00502, Exploits 0, References 5
CNNVD
added 2026/03/12 12:0 a.m., 3 views

libredwg security vulnerability

libredwg is an open-source DWG file format processing library developed by LibreDWG. Versions of libredwg from v0.13.3.7571 to v0.13.3.7835 contain security vulnerabilities. These vulnerabilities stem from a heap buffer overflow in the decompressR2004section function found in the decode.c file,...

CVSS 6.5, AI score 5.9, EPSS 0.00218, Exploits 0, References 2
Vulnrichment
added 2026/03/12 12:0 a.m., 2 views

CVE-2025-61154

Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 up to v0.13.3.7835 allows a crafted DWG file to cause a Denial of Service (DoS) via the function decompressR2004section at decode.c...

AI score 6, EPSS 0.00218, Exploits 0, References 2
EUVD
added 2026/03/11 6:30 p.m., 3 views

EUVD-2025-208571

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions...

CVSS 2.2, AI score 5.8, EPSS 0.00293, Exploits 0, References 4
Atlassian
added 2026/03/11 4:58 p.m., 16 views

RCE (Remote Code Execution) in Bamboo Data Center

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.6, allows an authenticated attacker to execute...

CVSS 8.6, AI score 6.1, EPSS 0.00507, Exploits 0
OSV
added 2026/03/11 4:16 p.m., 1 view

UBUNTU-CVE-2025-12576

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticated user to cause a denial of service due to improper handling of webhook response data...

CVSS 6.5, AI score 5.8, EPSS 0.00385, Exploits 0, References 2
SUSE CVE
added 2026/03/11 4:15 p.m., 2 views

SUSE CVE-2026-28292

simple-git, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes CVE-2022-25860 and CVE-2022-25912 and achieve full remote code execution on the host machine. Version 3.23.0 contains ...

CVSS 9.8, AI score 6.5, EPSS 0.01272, Exploits 1, References 3
OSV
added 2026/03/11 4:5 p.m., 2 views

CVE-2025-14513 Improper Validation of Specified Quantity in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...

CVSS 7.5, AI score 5.9, EPSS 0.00475, Exploits 0, References 6
Cvelist
added 2026/03/11 2:58 p.m., 24 views

CVE-2026-3013 Path Traversal in Coppermine Photo Gallery

Coppermine Photo Gallery in versions 1.6.09 through 1.6.27 is vulnerable to path traversal. An unauthenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading the content of any file accessible by the web server process. This issue was fixed in versi...

CVSS 8.7, EPSS 0.00532, Exploits 0, References 2
Vulnrichment
added 2026/03/11 9:25 a.m., 1 view

CVE-2026-1993 ExactMetrics 7.1.0 - 9.0.2 - Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. This is due to the updatesettings function accepting arbitrary plugin setting names without a whitelist of allowed settings. This makes it possible fo...

CVSS 8.8, AI score 5.9, EPSS 0.0038, Exploits 0, References 5
RedhatCVE
added 2026/03/11 7:8 a.m., 3 views

CVE-2025-36105

IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables...

CVSS 4.4, AI score 5.8, EPSS 0.00082, Exploits 0, References 1
vulnersOsv
added 2026/03/11 12:36 a.m., 2 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-31901 via parse-server (>=2.0.8 <=7.5.4)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-31901 Source advisory: OSV:GHSA-W54V-HF9P-8856...

CVSS 6.3, AI score 5.8, EPSS 0.00241, Exploits 0
vulnersOsv
added 2026/03/11 12:35 a.m., 4 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-31875 via parse-server (>=2.0.8 <=7.5.4)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-31875 Source advisory: OSV:GHSA-4HF6-3X24-C9M8...

CVSS 8.2, AI score 5.8, EPSS 0.0044, Exploits 0
vulnersOsv
added 2026/03/11 12:34 a.m., 4 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-31868 via parse-server (>=2.0.8 <=7.5.4)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-31868 Source advisory: OSV:GHSA-V5HF-F4C3-M5RV...

CVSS 6.3, AI score 5.8, EPSS 0.00245, Exploits 0