CVE Vulnerabilities - 5 May 2026
546 vulnerabilities published on 5 May 2026
Eclipse BaSyx Java Server SDK: Unauthenticated File Writing
CVE-2026-7411
GHSA-8gpm-h2mh-36qc
The Eclipse BaSyx Java Server SDK, used in certain applications, has a security flaw that allows an attacker to write files anywhere on the computer. This could potentially let an attacker take contro...
Severity: 10.0
Django-S3File allows attackers to load files from anywhere
GHSA-67qg-7284-2277
CVE-2026-42196
An attacker can trick Django-S3File into loading files from unintended locations, potentially exposing sensitive data or corrupting files. To fix this, update Django-S3File to version 7.0.2 or later.
Severity: 9.9
Gitix submodule name validation bypass and trust inheritance flaw
GHSA-p3hw-mv63-rf9w
A flaw in Gitix allows attackers to access and read sensitive information from arbitrary Git repositories. This is due to a combination of a submodule name validation bypass and a trust inheritance fl...
Severity: 9.9
FireFighter's Jira Bot Endpoint Allows Unauthorized Access to AWS Credentials
GHSA-fqvv-jvhr-g5jc
CVE-2026-42864
An attacker can exploit a security weakness in FireFighter's Jira bot feature to steal sensitive AWS credentials. This can happen if an unauthenticated user can access the FireFighter server. To prote...
Severity: 9.9
Apache HTTP Server mod_proxy_ajp crashes with malicious server response
DEBIAN-CVE-2026-28780
A malicious server can send a message that causes the Apache HTTP Server's mod_proxy_ajp module to crash. This happens when mod_proxy_ajp connects to a server that sends a specially crafted message. T...
Severity: 9.8
D-Link DI-8100 Buffer Overflow Risk via POST Request
CVE-2026-7854
A D-Link DI-8100 router's ability to handle POST requests can be exploited, allowing an attacker to potentially cause the router to crash or become unstable. This can happen if a malicious request is ...
Severity: 8.9
Kestra v1.3.3 and before allows hackers to manipulate database queries
CVE-2026-38428
Kestra versions 1.3.3 and earlier are at risk because hackers can inject malicious code into database queries. This can lead to unauthorized access to sensitive information. To stay safe, update to th...
Severity: 9.8
OpenCTI versions 6.6.0 to 6.9.12 allow unauthenticated access to admin API
CVE-2026-27960
OpenCTI's API is accessible to anyone without a login, allowing them to view and potentially manipulate data. This is a serious issue because it gives attackers control over the platform. To fix this,...
Severity: 9.8
D-Link DI-8100 allows remote code execution via buffer overflow
CVE-2026-7853
The D-Link DI-8100's HTTP Handler has a weakness that can allow hackers to execute malicious code remotely. This can be done by sending a specially crafted message to the device. We recommend updating...
Severity: 8.9
CodeChecker: Unauthorized Access to User Permissions
CVE-2026-25660
GHSA-4v9x-cqc5-j645
CodeChecker, a tool used to analyze code, allows an attacker to gain access to any user's permissions by crafting a specific URL. This could allow an attacker to view or modify sensitive information. ...
Severity: 9.3
ERPNext Email Templates Can Execute Malicious Code
CVE-2026-38431
ERPNext versions before 15.103.1 have a security flaw in their email template system. An attacker with permission to create or edit email templates can potentially inject malicious code that can be ex...
Severity: 9.8
vm2 Sandbox Escape Allows Arbitrary Code Execution
CVE-2026-26956
GHSA-ffh4-j6h5-pg66
A vulnerability in vm2 version 3.10.4 allows an attacker to escape the sandbox and run any code on the host machine. This means an attacker could potentially take control of your system. Update to ver...
Severity: 9.8
vm2 Sandbox Escape in Node.js Versions Prior to 3.11.0
CVE-2026-26332
GHSA-55hx-c926-fr95
A security issue in older versions of vm2 for Node.js allows attackers to break out of a secure environment and run their own code. This is a serious risk, especially for servers hosting untrusted cod...
Severity: 9.8
Node.js vm2 Sandbox Breakout through Inspect Function
CVE-2026-24781
GHSA-v37h-5mfm-c47c
A vulnerability in Node.js' vm2 sandbox allows attackers to escape the sandbox and execute arbitrary commands on the host system. This affects versions prior to 3.11.0. Update to version 3.11.0 or lat...
Severity: 9.8
vm2 Sandbox Escape in Node.js Versions Prior to 3.10.5
CVE-2026-24120
GHSA-qvjj-29qf-hp7p
An outdated version of the vm2 sandbox for Node.js can be tricked into allowing malicious code to break free and run commands on the host computer. This is fixed in version 3.10.5. Update to the lates...
Severity: 9.8
Linux Kernel: ext4 File Allocation Error
CVE-2026-43067
A Linux kernel bug affected ext4 file system allocation. It could have led to incorrect block allocation for certain files. This has been fixed by adding a safety check to prevent this issue.
Severity: 9.8
Debian Linux: Unprivileged user can gain elevated privileges
DEBIAN-CVE-2026-43067
A vulnerability in Debian Linux allows an attacker with normal user privileges to gain elevated access to the system. This could potentially allow the attacker to install malicious software or make ch...
Severity: 9.8
rootio-mbedtls: Malicious Certificate Can Bypass Security Checks
ROOT-OS-DEBIAN-12-CVE-2025-47917
A security patch has been released for the rootio-mbedtls package in Root:Debian:12. This patch addresses a vulnerability that could allow a malicious certificate to bypass security checks. Root users...
Severity: 9.8
ipTIME NAS1dual: Remote Attack Possible via Web Interface
CVE-2026-7834
An attacker can exploit a weakness in the web interface of ipTIME NAS1dual devices running version 1.5.24, potentially allowing them to execute unauthorized code. This could lead to unauthorized acces...
Severity: 8.9
OpenClaw versions 2026.4.7 to 2026.4.13 have a security flaw that lets attackers gain extra access
CVE-2026-43566
OpenClaw versions 2026.4.7 to 2026.4.13 are affected. This means attackers can send fake messages that trick the system into giving them more access than they should have. To stay safe, update to vers...
Severity: 9.1
OpenClaw before 2026.4.10 lets attackers escalate input
CVE-2026-43534
OpenClaw, a system management tool, has a security flaw that allows attackers to make it do more than intended. This could lead to unauthorized actions on the system. To stay safe, update to the lates...
Severity: 9.3
Eclipse Equinox OSGi Remote Code Execution
CVE-2023-54344
Eclipse Equinox OSGi versions 3.7.2 and earlier have a security flaw that allows hackers to run unauthorized commands on your system. This can happen if an attacker connects to a specific port and sen...
Severity: 9.3
Eclipse Equinox OSGi Versions 3.8-3.18: Unauthenticated Remote Code Execution
CVE-2023-54342
The Eclipse Equinox OSGi console interface has a security flaw that allows attackers to execute malicious code on your system without a password. This can happen if an attacker can connect to your sys...
Severity: 9.3
Eclipse Equinox OSGi versions 3.8 to 3.18 allow remote code execution
UBUNTU-CVE-2023-54342
Versions 3.8 to 3.18 of Eclipse Equinox OSGi are vulnerable to a remote code execution attack. This means an attacker could potentially run malicious code on your system without your permission. To pr...
Severity: 9.9
Eclipse Equinox OSGi Remote Code Execution Vulnerability
UBUNTU-CVE-2023-54344
Using Eclipse Equinox OSGi may allow attackers to execute code on your server. This is a serious issue because it can lead to unauthorized access and data breaches. Update Eclipse Equinox OSGi to the ...
Severity: 9.9