35 matches found
CVE-2026-49361
CVE-2026-49361: Apache Fluss Netty frame-decoder memory exhaustion vulnerability. Affected: Apache Fluss (incubating) versions prior to 0.9.1 (0.8.0 and 0.9.0). Root cause: Netty LengthFieldBasedFrameDecoder configured with Integer.MAX_VALUE as the maximum frame length. Impact: unauthenticated remo...
Hackney Security Vulnerability
Hackney is a program library from Hackney, Inc. A security vulnerability exists in hackney versions prior to 0.9.0 through 4.0.1, which stems from a lack of CRLF sequence checking of the domain and path options in the cookie setup function, which could lead to HTTP response splitting...
CLEANSTART-2026-PK73499 Security fixes for CVE-2026-5588, CVE-2026-5598, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4cx2-fc23-5wg6, ghsa-4g8c-wm8x-jfhw, ghsa-735f-pc8j-v9w8, ghsa-c3fc-8qff-9hwx, ghsa-fghv-69vj-qj49, ghsa-p93r-85wp-75v3, ghsa-prj3-ccx8-p6x4, ghsa-wg6q-6289-32hp, ghsa-xq3w-v528-46rv applied in versions: 0.12.0-r16, 0.9.0-r1
Multiple security vulnerabilities affect the kserve-modelmesh package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-42889 Relay Server WebSocket authentication bypass when token is omitted
Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured, WebSocket connections without a token query parameter were incorrectly treated as having full...
MiniClaw Command Injection Vulnerability
MiniClaw is an AI memory and evolution tool developed by a personal developer. Versions 0.8.0 and 0.9.0 of MiniClaw contain command injection vulnerabilities. These vulnerabilities stem from the function resolveSkillScriptPath in the System Command Handler component’s src/kernel.ts file, which...
EUVD-2022-0884
Malicious code in bioql PyPI...
CVE-2025-58176
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, transport in the JSON object. An attacker can exploit the...
CVE-2025-58176 Dive's improper processing of custom urls can lead to Remote Code Execution
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, transport in the JSON object. An attacker can exploit the...
CVE-2025-58176
CVE-2025-58176 affects Dive (open-source MCP Host Desktop Application). Vulnerable versions: 0.9.0–0.9.3. A one-click Remote Code Execution vulnerability arises from improper handling of a custom URL value, transport, within a JSON object. An attacker can trigger code execution when a victim visi...
Linux Distros Unpatched Vulnerability : CVE-2020-27195
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixe...
QuickJS Security Vulnerability
QuickJS is a small and embeddable Javascript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS 0.9.0 and earlier versions, which stems from a lack of length checking in JSReadString, and may result in a heap buffer overflow...
PT-2024-37076 · Tapir · Tapir
Name of the Vulnerable Software and Affected Versions: Tapir versions 0.9.0 through 0.9.1 Description: Tapir is a private Terraform registry. The issue concerns scope-able Deploykeys, where attackers can guess the key to gain write access to the registry. Recommendations: For versions 0.9.0 and...
Tapir Authorization Issue Vulnerability
Tapir is a private Terraform registry for PacoVK individual developers. An authorization issue vulnerability exists in Tapir version 0.9.0 and 0.9.1. An attacker exploiting this vulnerability could guess keys to gain write access to the registry...
WordPress plugin Easyship WooCommerce Shipping Rates Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-13755
Name of the Vulnerable Software and Affected Versions: Apache Portable Runtime versions 0.9.0 through 1.7.4 Description: Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive...
PT-2023-8916 · Grafana +1 · Grafana Google Sheets Data Source Plugin +1
Name of the Vulnerable Software and Affected Versions: Grafana Google Sheets data source plugin versions 0.9.0 through 1.2.1 Description: The Google Sheets data source plugin for Grafana is vulnerable to an information disclosure issue due to improper sanitization of error messages. This could...
CVE-2023-39015
webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader...
@lw7360/react-progressbar.js (=0.1.2), @sweco/sweco-digital-platforms (>=5.0.26 <=5.1.2) +5 more potentially affected by CVE-2023-26133 via progressbar.js (>=0.9.0 <=1.1.0)
progressbar.js NPM version =0.9.0, =5.0.26, =1.6.3, =2.16.0, =1.0.33, =1.0.13, =0.1.1, =0.1.2 Source cves: CVE-2023-26133 Source advisory: OSV:GHSA-89QM-HM2X-MXM3...
PT-2023-23116
Name of the Vulnerable Software and Affected Versions: Log4cxx versions 0.9.0 through 1.1.0 Description: The issue is related to SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection. This has...