@puchunjie/doc-tools-mcp (>=1.0.11 <=1.0.14) potentially affected by CVE-2026-7738 via @puchunjie/doc-tools-mcp (=1.0.18)

@puchunjie/doc-tools-mcp NPM version =1.0.18 is affected by a known vulnerability. The following packages have a transitive dependency on @puchunjie/doc-tools-mcp and may be impacted: - @puchunjie/doc-tools-mcp =1.0.11, =1.0.14 Source cves: CVE-2026-7738 Source advisory: OSV:GHSA-GCMM-C94J-J47X...

airflow-aggua-plugin (>=1.0.7 <=1.0.8), airflow-clickhouse-plugin (>=0.5.1 <=0.5.7.post1) +108 more potentially affected by CVE-2026-32794 via apache-airflow (>=1.10.1 <=1.10.7)

apache-airflow PYPI version =1.10.1, =1.0.7, =0.5.1, =0.1.0, =0.1.1, =0.0.7, =1.0.1, =0.0.1, =0.1.6, =0.0.2, =1.0.0, =1.2.1, =2020.5.20rc1, =2021.2.5, =2021.3.13rc1 and more Source cves: CVE-2026-32794 Source advisory: OSV:GHSA-WRPJ-755P-X363...

CVE-2026-32276

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

CVE-2026-32278 Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch...

Connect CMS has SSRF in the External Page Migration Feature of its Page Management Plugin

Security Advisory — Page Management Plugin SSRF Summary A Server-Side Request Forgery SSRF issue exists in the external page migration feature of the Page Management Plugin. Affected Versions - 1.x series: = 1.41.0 - 2.x series: = 2.41.0 Patched Versions - 1.41.1 - 2.41.1 Description In the...

Apache Shiro 安全漏洞

Apache Shiro is a Java security framework developed by the Apache Foundation in the United States. It is used for authentication, authorization, encryption, and session management. Versions of Apache Shiro such as 1. and 2.0.7 had security vulnerabilities. These vulnerabilities were due to observ...

CVE-2026-1194

A security flaw has been discovered in MineAdmin 1.x/2.x. This affects an unknown function of the component Swagger. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was...

CVE-2026-1194 MineAdmin Swagger information disclosure

A security flaw has been discovered in MineAdmin 1.x/2.x. This affects an unknown function of the component Swagger. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was...

CVE-2026-1193 MineAdmin View view improper authorization

A vulnerability was identified in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View Interface. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available a...

CVE-2017-6738

The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these...

CVE-2025-36153

CVE-2025-36153 affects IBM Concert Software versions 1.0.0–2.0.0. The vulnerability is a cross-site scripting flaw caused by insufficient input filtering/escaping of user-supplied data, allowing an unauthenticated attacker to inject arbitrary JavaScript into the Web UI and potentially disclose cr...

CVE-2025-57805

The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles, can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2...

PT-2025-34707 · Unknown · Scratch Channel

Name of the Vulnerable Software and Affected Versions: The Scratch Channel versions 1 and 1.1 Description: The Scratch Channel, a news website, is susceptible to unauthorized article posting. A POST request to the article publishing endpoint allows posting articles in any category with any date,...

BIT-NGINX-INGRESS-CONTROLLER-2022-30535

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

SUSE CVE-2018-11760

When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1...

PT-2022-26153 · Grails · Grails Spring Security Core Plugin

Name of the Vulnerable Software and Affected Versions: Grails Spring Security Core plugin versions 1.x Grails Spring Security Core plugin versions 2.x Grails Spring Security Core plugin versions 3.0.0 through 3.3.1 Grails Spring Security Core plugin versions 4.0.0 through 4.0.4 Grails Spring...

CVE-2022-35241

In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

PT-2022-3992 · Nginx · Nginx Ingress Controller

Name of the Vulnerable Software and Affected Versions: NGINX Ingress Controller versions 1.x and earlier NGINX Ingress Controller versions 2.x before 2.3.0 Description: The issue is related to insufficient input validation, allowing an authorized attacker to obtain secrets available to the NGINX...

Microsoft Azure Active Directory Connect 授权问题漏洞

Microsoft Azure Active Directory Connect ADC is a service from the U.S.-based Microsoft that provides identity and access management in the cloud. An authorization issue vulnerability exists in Microsoft Microsoft Azure Active Directory Connect. The following products and versions are...

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4664 more potentially affected by CVE-2021-29616 via tensorflow (>=1.0.1 <=2.2.0)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2021-29616 Source advisory: OSV:PYSEC-2021-253...