๐จ CVE-2026-9220
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic.
๐@cveNotify
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic.
๐@cveNotify
๐จ CVE-2026-9222
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access.
๐@cveNotify
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access.
๐@cveNotify
๐จ CVE-2026-48615
A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages.
When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
๐@cveNotify
A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages.
When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
๐@cveNotify
nodejs.org
Node.js โ Wednesday, June 17, 2026 Security Releases
Node.jsยฎ is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
๐จ CVE-2026-48618
A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat.
This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
๐@cveNotify
A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat.
This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
๐@cveNotify
nodejs.org
Node.js โ Wednesday, June 17, 2026 Security Releases
Node.jsยฎ is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
๐จ CVE-2026-48619
A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
๐@cveNotify
A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
๐@cveNotify
nodejs.org
Node.js โ Wednesday, June 17, 2026 Security Releases
Node.jsยฎ is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
๐จ CVE-2026-48928
A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
๐@cveNotify
A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
๐@cveNotify
nodejs.org
Node.js โ Wednesday, June 17, 2026 Security Releases
Node.jsยฎ is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
๐จ CVE-2026-48930
A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
๐@cveNotify
A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
๐@cveNotify
nodejs.org
Node.js โ Wednesday, June 17, 2026 Security Releases
Node.jsยฎ is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
๐จ CVE-2026-48933
A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
๐@cveNotify
A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
๐@cveNotify
nodejs.org
Node.js โ Wednesday, June 17, 2026 Security Releases
Node.jsยฎ is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
๐จ CVE-2026-48934
A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
๐@cveNotify
A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
๐@cveNotify
nodejs.org
Node.js โ Wednesday, June 17, 2026 Security Releases
Node.jsยฎ is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
๐จ CVE-2026-48935
A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. `--allow-fs-read`.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
๐@cveNotify
A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. `--allow-fs-read`.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
๐@cveNotify
nodejs.org
Node.js โ Wednesday, June 17, 2026 Security Releases
Node.jsยฎ is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
๐จ CVE-2026-48936
A flaw in Node.js Permission API can cause a local server to be started (via a Unix domain socket), even without the `--allow-net` permission.
This vulnerability affects one supported release line: **Node.js 26**.
๐@cveNotify
A flaw in Node.js Permission API can cause a local server to be started (via a Unix domain socket), even without the `--allow-net` permission.
This vulnerability affects one supported release line: **Node.js 26**.
๐@cveNotify
nodejs.org
Node.js โ Wednesday, June 17, 2026 Security Releases
Node.jsยฎ is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
๐จ CVE-2026-8661
Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdown_to_pdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted content embedded in Markdown input. The PDF rendering engine does not restrict script execution or outbound network access.
๐@cveNotify
Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdown_to_pdf action of Rapid7 InsightConnect Markdown Plugin version 3.1.4 and earlier on Linux allows remote attackers to execute JavaScript server-side and make arbitrary outbound HTTP requests via crafted content embedded in Markdown input. The PDF rendering engine does not restrict script execution or outbound network access.
๐@cveNotify
GitHub
insightconnect-plugins/plugins/markdown/help.md at master ยท rapid7/insightconnect-plugins
Plugin source code for the InsightConnect SOAR product, developer documentation at https://docs.rapid7.com/insightconnect/getting-started - rapid7/insightconnect-plugins
๐จ CVE-2026-2053
The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated requests.
Successful exploitation allows an unauthenticated attacker to control the destination of server-initiated requests originating from the WSO2 API Manager. This direct control can enable unauthorized access to internal network resources or services that would typically be inaccessible from external networks.
๐@cveNotify
The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated requests.
Successful exploitation allows an unauthenticated attacker to control the destination of server-initiated requests originating from the WSO2 API Manager. This direct control can enable unauthorized access to internal network resources or services that would typically be inaccessible from external networks.
๐@cveNotify
Wso2
Security Advisory WSO2-2026-5072/CVE-2026-2053
Documentation for WSO2 Security and Compliance
๐จ CVE-2026-6658
A vulnerability in jupyter/nbconvert versions <= 7.17.0 allows for Cross-site Scripting (XSS) via unsanitized `text/vnd.mermaid` output in HTML exports. The `data_mermaid` block in `share/templates/lab/base.html.j2` renders `text/vnd.mermaid` cell output directly into HTML without escaping, enabling attackers to inject arbitrary HTML/JavaScript by breaking out of the `<pre>` tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export.
๐@cveNotify
A vulnerability in jupyter/nbconvert versions <= 7.17.0 allows for Cross-site Scripting (XSS) via unsanitized `text/vnd.mermaid` output in HTML exports. The `data_mermaid` block in `share/templates/lab/base.html.j2` renders `text/vnd.mermaid` cell output directly into HTML without escaping, enabling attackers to inject arbitrary HTML/JavaScript by breaking out of the `<pre>` tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export.
๐@cveNotify
๐จ CVE-2025-7958
A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details.
๐@cveNotify
A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details.
๐@cveNotify
๐จ CVE-2026-57918
libnfs through 6.0.2 before 935b8db has an xid integer underflow in READ_IOVEC in rpc_read_from_socket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker.
๐@cveNotify
libnfs through 6.0.2 before 935b8db has an xid integer underflow in READ_IOVEC in rpc_read_from_socket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker.
๐@cveNotify
GitHub
socket: prevent an underflow in xid ยท sahlberg/libnfs@935b8db
if the expected pdu-size is larger than the absolute pdu size
from the xid/record-marker.
Reported-by: Nick Hummel <nickhummel@google.com>
Signed-off-by: Ronnie Sahlberg <ronn...
from the xid/record-marker.
Reported-by: Nick Hummel <nickhummel@google.com>
Signed-off-by: Ronnie Sahlberg <ronn...
๐จ CVE-2026-56773
Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST /api/v2/tables/updateRecords.
๐@cveNotify
Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST /api/v2/tables/updateRecords.
๐@cveNotify
GitHub
[sync] T4883 route CSV table imports through V2 by tea-artist ยท Pull Request #3285 ยท teableio/teable
๐ Automated sync from EE repository.
29 commit(s) synced since last sync.
Authors
Aries X caoxing9@gmail.com
Boris boris2code@outlook.com
Jun Lu hammond@teable.io
SkyHuang sky.huang.fe@gmail.com
U...
29 commit(s) synced since last sync.
Authors
Aries X caoxing9@gmail.com
Boris boris2code@outlook.com
Jun Lu hammond@teable.io
SkyHuang sky.huang.fe@gmail.com
U...
๐จ CVE-2023-20540
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.
๐@cveNotify
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.
๐@cveNotify
AMD
AMD Client Vulnerabilities โ August 2025
๐จ CVE-2023-20572
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity.
๐@cveNotify
An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity.
๐@cveNotify
AMD
AMD Client Vulnerabilities โ August 2025
๐จ CVE-2025-11919
The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with access to the shared `/tmp/` space can preemptively create or replace `.jar` files or directories (via the `-init` file) that the victim JVM will resolve first in its classpath. By strategically placing a malicious version of a commonly used library (e.g., `commons-io`) in a location that is included in the classpath before the legitimate version, an attacker can cause the JVM to load the malicious class during startup, thereby executing the attacker's code.
๐@cveNotify
The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with access to the shared `/tmp/` space can preemptively create or replace `.jar` files or directories (via the `-init` file) that the victim JVM will resolve first in its classpath. By strategically placing a malicious version of a commonly used library (e.g., `commons-io`) in a location that is included in the classpath before the legitimate version, an attacker can cause the JVM to load the malicious class during startup, thereby executing the attacker's code.
๐@cveNotify
GitHub
vulnerability-wolfram-cloud-14.2/disclosure.md at main ยท PeterRoberge/vulnerability-wolfram-cloud-14.2
Multi-Tenant Classpath Injection Vulnerability in Wolfram Cloud - PeterRoberge/vulnerability-wolfram-cloud-14.2
๐จ CVE-2026-0685
Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.
๐@cveNotify
Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.
๐@cveNotify
GitHub
GitHub - edgewall/genshi: Python toolkit for generation of output for the web
Python toolkit for generation of output for the web - edgewall/genshi