๐จ CVE-2026-42343
FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation and uncontrolled resource consumption. The service relies solely on an application-level soft limit (a 500ms polling interval) for memory management and lacks strict OS-level constraints such as cgroups or kernel-level namespaces. This architectural weakness allows attackers to easily bypass memory checks via time-window attacks, or exhaust the entire JavaScript worker pool via concurrent CPU-intensive requests, resulting in a complete Denial of Service (DoS) for legitimate users. At time of publication, there are no publicly available patches.
๐@cveNotify
FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation and uncontrolled resource consumption. The service relies solely on an application-level soft limit (a 500ms polling interval) for memory management and lacks strict OS-level constraints such as cgroups or kernel-level namespaces. This architectural weakness allows attackers to easily bypass memory checks via time-window attacks, or exhaust the entire JavaScript worker pool via concurrent CPU-intensive requests, resulting in a complete Denial of Service (DoS) for legitimate users. At time of publication, there are no publicly available patches.
๐@cveNotify
GitHub
Uncontrolled Resource Consumption leading to Sandbox Exhaustion
### Summary
cooperate with Dingyu Wang@https://github.com/boom-dy
The `code-sandbox` component suffers from insufficient resource isolation and uncontrolled resource consumption (CWE-400). The s...
cooperate with Dingyu Wang@https://github.com/boom-dy
The `code-sandbox` component suffers from insufficient resource isolation and uncontrolled resource consumption (CWE-400). The s...
๐จ CVE-2026-42452
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow. However, the auth middleware accepts this token on regular authenticated endpoints. This effectively turns 2FA into single-factor (password) for impacted accounts. This issue has been patched in version 2.1.0.
๐@cveNotify
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled accounts. That token carries a pendingTOTP state and should only be valid for the second-factor flow. However, the auth middleware accepts this token on regular authenticated endpoints. This effectively turns 2FA into single-factor (password) for impacted accounts. This issue has been patched in version 2.1.0.
๐@cveNotify
GitHub
Release release-2.1.0 ยท Termix-SSH/Termix
Added tmux integration, themes, and automation features with major security, stability, and bug fixes.
Architecture
Windows
Linux
Mac
Android
iOS
x86-64 (64-bit)
EXE ยท MSI ยท Portable
AppIma...
Architecture
Windows
Linux
Mac
Android
iOS
x86-64 (64-bit)
EXE ยท MSI ยท Portable
AppIma...
๐จ CVE-2026-42455
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint (POST /api/v1/archives/[linkId]?format=4) accepts HTML files (text/html) without sanitizing JavaScript content. When the archive is later accessed via GET /api/v1/archives/[linkId]?format=4, the HTML is served with Content-Type: text/html from the Linkwarden origin, without any Content-Security-Policy header. This allows arbitrary JavaScript execution in the context of the authenticated Linkwarden sessio. At time of publication, there are no publicly available patches.
๐@cveNotify
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint (POST /api/v1/archives/[linkId]?format=4) accepts HTML files (text/html) without sanitizing JavaScript content. When the archive is later accessed via GET /api/v1/archives/[linkId]?format=4, the HTML is served with Content-Type: text/html from the Linkwarden origin, without any Content-Security-Policy header. This allows arbitrary JavaScript execution in the context of the authenticated Linkwarden sessio. At time of publication, there are no publicly available patches.
๐@cveNotify
GitHub
Stored XSS via Client-Side Archive Upload (Unsanitized HTML served from same origin)
### Summary
The archive upload endpoint (`POST /api/v1/archives/[linkId]?format=4`) accepts HTML files (`text/html`) without sanitizing JavaScript content. When the archive is later accessed via `...
The archive upload endpoint (`POST /api/v1/archives/[linkId]?format=4`) accepts HTML files (`text/html`) without sanitizing JavaScript content. When the archive is later accessed via `...
๐จ CVE-2026-42297
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider (server/sync/sync_cm.go) performs zero authorization checks on all CRUD operations (create, read, update, delete). Any authenticated user โ including those using fake Bearer tokens โ can create, read, update, and delete Kubernetes ConfigMaps containing synchronization limits. This issue has been patched in version 4.0.5.
๐@cveNotify
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider (server/sync/sync_cm.go) performs zero authorization checks on all CRUD operations (create, read, update, delete). Any authenticated user โ including those using fake Bearer tokens โ can create, read, update, and delete Kubernetes ConfigMaps containing synchronization limits. This issue has been patched in version 4.0.5.
๐@cveNotify
GitHub
Merge commit from fork ยท argoproj/argo-workflows@09fff05
The configmap sync endpoints relied solely on the kube client's identity
for RBAC, which is only effective in Client auth mode. In Server or SSO
(without RBAC) modes, the server's o...
for RBAC, which is only effective in Client auth mode. In Server or SSO
(without RBAC) modes, the server's o...
๐จ CVE-2026-45430
The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks.
๐@cveNotify
The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks.
๐@cveNotify
๐จ CVE-2026-7255
** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to brute-force the password and bypass authentication.
๐@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive authentication attempts vulnerability in the web management interface of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to brute-force the password and bypass authentication.
๐@cveNotify
Zyxel
End of life | Zyxel Networks
Zyxel Networks is a leading provider of secure, AI-powered cloud networking solutions for SMBs and the enterprise edge, ensuring seamless connectivity and robust security.
๐จ CVE-2026-7256
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device by sending a crafted HTTP request.
๐@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device by sending a crafted HTTP request.
๐@cveNotify
Zyxel
End of life | Zyxel Networks
Zyxel Networks is a leading provider of secure, AI-powered cloud networking solutions for SMBs and the enterprise edge, ensuring seamless connectivity and robust security.
๐จ CVE-2026-7257
** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file.
๐@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** An insecure storage of sensitive information vulnerability in the configuration file of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow a local attacker with administrator privileges to download and decrypt a backup configuration file.
๐@cveNotify
Zyxel
End of life | Zyxel Networks
Zyxel Networks is a leading provider of secure, AI-powered cloud networking solutions for SMBs and the enterprise edge, ensuring seamless connectivity and robust security.
๐จ CVE-2026-7287
** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the โwebsโ binary in Zyxel NWA1100-N customized firmware version 1.00(AACE.1)C0 could allow an attacker to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request to a vulnerable device.
๐@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the โwebsโ binary in Zyxel NWA1100-N customized firmware version 1.00(AACE.1)C0 could allow an attacker to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request to a vulnerable device.
๐@cveNotify
Zyxel
End of life | Zyxel Networks
Zyxel Networks is a leading provider of secure, AI-powered cloud networking solutions for SMBs and the enterprise edge, ensuring seamless connectivity and robust security.
๐จ CVE-2026-41530
The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name, then the archived files may be extracted to an unexpected folder.
๐@cveNotify
The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation feature enabled, and a product user tries to extract an archive file which has a crafted file name, then the archived files may be extracted to an unexpected folder.
๐@cveNotify
jvn.jp
JVN#68350834: Lhaz and Lhaz+ vulnerable to path traversal
Japan Vulnerability Notes
๐จ CVE-2026-41872
"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server.
๐@cveNotify
"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server.
๐@cveNotify
App Store
ใใๅฏฟๅธ ๅ
ฌๅผใขใใช Produced by EPARKใขใใช - App Store
ๆ ชๅผไผ็คพEPGใฎใใใๅฏฟๅธ ๅ
ฌๅผใขใใช Produced by EPARKใใApp Storeใงใใฆใณใญใผใใใฆใใ ใใใในใฏใชใผใณใทใงใใใ่ฉไพกใจใฌใใฅใผใใฆใผใถใฎใใณใใใใใๅฏฟๅธ ๅ
ฌๅผใขใใช Produced by EPARKใใซไผผใใฒใผใ ใ่ฆใใใจใชใฉใใงใใพใใ
โค1
๐จ CVE-2026-0541
ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
๐@cveNotify
ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
๐@cveNotify
๐จ CVE-2026-0802
An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
๐@cveNotify
An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
๐@cveNotify
๐จ CVE-2026-0804
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
๐@cveNotify
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
๐@cveNotify
๐จ CVE-2026-1185
A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH.
๐@cveNotify
A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if an attacker can log in to the Axis device using SSH.
๐@cveNotify
๐จ CVE-2026-1681
Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are processed inline before the current frame returns. The nested input-path frames exceed the work-queue stack and trigger a stack overflow.
๐@cveNotify
Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are processed inline before the current frame returns. The nested input-path frames exceed the work-queue stack and trigger a stack overflow.
๐@cveNotify
GitHub
net: Stack Overflow with Ping (to own IP Address) via Shell
Ping to self via net shell `net ping 10.42.0.2` causes a stack overflow in `samples/net/sockets/echo_server`. Own IPv4 address is configured via `CONFIG_NET_CONFIG_MY_IPV4_ADDR="10.42.0.2"...
๐จ CVE-2026-35227
An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections.
๐@cveNotify
An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections.
๐@cveNotify
Certvde
CODESYS Modbus TCP Server - Improper resource management
๐จ CVE-2019-13103
A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
๐@cveNotify
A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
๐@cveNotify
๐จ CVE-2019-14192
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.
๐@cveNotify
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.
๐@cveNotify
๐จ CVE-2019-14193
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.
๐@cveNotify
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.
๐@cveNotify
๐จ CVE-2019-14194
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.
๐@cveNotify
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.
๐@cveNotify