PulsePatch.io

`Apache Camel` has an improper input validation vulnerability (CVE-2020-11971). Impact depends on specific usage but could lead to data integrity issues. Review configurations and apply robust input validation. #ApacheCamel #InfoSec #CVE pulsepatch.io/posts/cve-2020…

An OutOfMemory vulnerability (CVE-2024-3884) affects `Undertow` when parsing `x-www-form-urlencoded` data, leading to denial of service. Monitor official channels for patch information. #Undertow #DoS #infosec pulsepatch.io/posts/cve-2024…

An HTTP/2 DDoS vulnerability (`CVE-2025-9784`) impacts `Undertow`. Review configurations and consider mitigations for potential service disruption. #Undertow #HTTP2 #DDoS #infosec pulsepatch.io/posts/cve-2025…

`Drupal Open Social` has a missing authorization flaw (CVE-2025-31686), potentially leading to unauthorized access. Monitor for updates. #Drupal #OpenSocial #infosec pulsepatch.io/posts/cve-2025…

Path traversal in `Mesop`'s `FileStateSessionBackend` (CVE-2026-33054) allows app DoS & file manipulation. Monitor vendor for updates. #Mesop #PathTraversal #InfoSec pulsepatch.io/posts/cve-2026…

`HAPI FHIR` is affected by `CVE-2026-33180`, an HTTP authentication leak vulnerability during redirects. This could expose credentials. Review `FHIR` authentication configurations. #infosec #HAPI_FHIR #CVE pulsepatch.io/posts/cve-2026…

Admidio is vulnerable to unauthorized document/folder deletion (CVE-2026-32817) due to missing auth & CSRF protection. Monitor for vendor updates. #Admidio #infosec #websecurity pulsepatch.io/posts/cve-2026…

A critical arbitrary file read vulnerability (CVE-2026-32938) affects `SiYuan`'s Desktop Publish Service, leading to potential information disclosure. Assess exposure and monitor for updates. #infosec #vulnerability #desktopsecurity pulsepatch.io/posts/cve-2026…

A critical authorization bypass (CVE-2026-33186) impacts `gRPC-Go` due to a missing leading slash in the :path header. Review authorization logic for `gRPC` services. #gRPC #Go #Infosec pulsepatch.io/posts/cve-2026…

A path traversal flaw (CVE-2026-33211) in `Tekton Pipelines` git resolver allows reading arbitrary files from the resolver pod. Assess impact on your #CI_CD systems. #Tekton #Kubernetes pulsepatch.io/posts/cve-2026…

Unauthenticated RCE (CVE-2026-33017) impacts `Langflow` via its public flow build endpoint, allowing remote command execution. Restrict network access. #RCE #infosec pulsepatch.io/posts/cve-2026…

An `unspecified file browser application` is vulnerable to admin privilege escalation (CVE-2026-32760) via user signup when default permissions are misconfigured. Review your access controls. #infosec #privilegeescalation #websecurity pulsepatch.io/posts/cve-2026…

A DoS vulnerability (GHSA-v7cf-c9rm-wm3j) affecting `JustHTML()` via deeply nested HTML requires input validation. Identify usage & apply strict input sanitization. #DoS #infosec #vulnerability pulsepatch.io/posts/ghsa-v7c…

HTML Injection (CVE-2026-31938) affects `jsPDF`'s New Window paths, potentially leading to client-side script execution. Review usage for untrusted input. #jsPDF #HTMLInjection #infosec pulsepatch.io/posts/cve-2026…

An authentication bypass vulnerability (CVE-2026-2635) affects `MLflow` due to default passwords. Review configurations and enforce strong credentials to prevent unauthorized access. #MLflow #AuthBypass #infosec pulsepatch.io/posts/cve-2026…

An SVG sanitization bypass (GHSA-4mx9-3c2h-hwhg) affects `SiYuan` due to an incomplete fix for CVE-2026-29183. This could lead to content injection. Monitor for official patches. #SiYuan #SVG #SecurityBypass pulsepatch.io/posts/siyuan-s…

Credential exposure in `Glances` via its Browser API (`/api/4/serverslist`) allows for reuse of downstream credentials. CVE-2026-32633. #Glances #APISecurity #InfoSec pulsepatch.io/posts/cve-2026…

Affected: `OneUptime ClickHouse`. Impact: SQL injection allows arbitrary SQL execution. CVE-2026-32306. Assess exposure and apply robust input validation. #SQLi #ClickHouse #infosec pulsepatch.io/posts/cve-2026…

`Centrifugo` is affected by an SSRF vulnerability (CVE-2026-32301) via unverified JWT claims in JWKS URL resolution. This can lead to internal network reconnaissance. Monitor for official #security advisories. #SSRF #JWT pulsepatch.io/posts/cve-2026…

A critical SM9 Infinity-Point Ciphertext Forgery (CVE-2026-32614) has been identified. Implementations of the `SM9` algorithm may be at risk. Monitor vendor advisories for affected systems. #Cryptography #SM9 #InfoSec pulsepatch.io/posts/cve-2026…