NVD CVEs — Published today (26 items)
CVE-2026-6948 4.9 MEDIUM
Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel.
This allows a compromised or rogue Velociraptor client to crash the server via out-of-memory (OOM) by sending crafted messages through the normal client communication channel.
CVE-2026-7710 7.3 HIGH
A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote exploitation
CVE-2026-7711 7.3 HIGH
A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has
CVE-2026-7712 6.3 MEDIUM
A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor
CVE-2026-7713 6.3 MEDIUM
A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr
CVE-2026-42364 9.9 CRITICAL
An OS command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability.
CVE-2026-42365 8.6 HIGH
A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypass. An attacker can brute-force session cookies to trigger this vulnerability.
CVE-2026-42366 7.4 HIGH
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerabilit
CVE-2026-42367 6.5 MEDIUM
A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to a credentials leak. An attacker can visit a webpage to trigger this vulnerability.
CVE-2026-42368 9.9 CRITICAL
A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execution of a privileged operation. An attacker can visit a webpage to trigger this vulnerability.
GitHub Security Advisories — Published today (20 items)
GHSA-h38g-3gh9-c2c8
LOW
A weakness has been identified in Totolink WA300 5.2cu.7112_B20190227. The impacted element is...
GHSA-p3pq-hxmr-vqqr
LOW
A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this...
GHSA-hvph-5985-r63v
MEDIUM
A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the...
GHSA-7ww3-945v-369q
LOW
A vulnerability was identified in Totolink WA300 5.2cu.7112_B20190227. Impacted is the function...
GHSA-q87h-6hq6-x6wf
LOW
A vulnerability was found in code-projects Gym Management System In PHP and Windows NT 1.0. This...
GHSA-6w4f-g875-v59m
LOW
A security vulnerability has been detected in Totolink WA300 5.2cu.7112_B20190227. This affects...
GHSA-6rr6-v7cj-mxpg
MEDIUM
A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function...
GHSA-v55v-fw68-5qvj
HIGH
A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element...
GHSA-4g75-r3gh-96xh
MEDIUM
A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue...
GHSA-hr8m-7mwf-v24x
CRITICAL
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV...