
17 matches found

NVD
added yesterday | 3 views

CVE-2026-48042

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results in stack overflow when deeply (O(100K)) nested objects are present. This vulnerability is fixed in 1.35.11, 1.36.7, 1.37.3, and 1.38.1...

CVSS 7.5
Exploits: 0 | References: 2

EUVD
added yesterday | 4 views

EUVD-2026-39821

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or remote resolution for a name of 255 octets long...

CVSS 5.9 | AI score 5.8
Exploits: 0 | References: 1

Cvelist
added yesterday | 14 views

CVE-2026-48497 Envoy: Abnormal process termination in DNS UDP filter

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or remote resolution for a name of 255 octets long...

CVSS 5.9
Exploits: 0 | References: 1

EUVD
added yesterday | 4 views

EUVD-2026-39820

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 1

CVE
added yesterday | 6 views

CVE-2026-48042

Envoy (open source edge and service proxy) contains a stack overflow vulnerability in the destructor of a JSON object when processing extremely nested structures. Affected versions are prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1. The issue is fixed in those same release lines (upgrade to 1.35.11...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/06 8:37 p.m. | 2 views

CVE-2026-29790

dbt-common is the shared common utilities for dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safe_extract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that...

CVSS 2 | AI score 5.7 | EPSS 0.00262
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/03/06 8:37 p.m. | 19 views

CVE-2026-29790 dbt-common: commonprefix() doesn't protect against path traversal

dbt-common is the shared common utilities for dbt-core and adapter implementations use. Prior to versions 1.34.2 and 1.37.3, a path traversal vulnerability exists in dbt-common's safe_extract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that...

CVSS 2 | EPSS 0.00262
Exploits: 0 | References: 3

CVE
added 2026/03/06 8:37 p.m. | 17 views

CVE-2026-29790

dbt-common is affected by CVE-2026-29790 due to a path-traversal vulnerability in safe_extract() that uses os.path.commonprefix() for extraction path validation. Because commonprefix() compares paths character-by-character rather than by path components, a malicious tarball could write files outs...

CVSS 5.3 | AI score 5.7 | EPSS 0.00262
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2026/03/06 12:0 a.m. | 5 views

dbt-common path traversal vulnerability

dbt-common is a publicly available tool library developed by dbt Labs as an open-source data building tool. Versions of dbt-common prior to 1.34.2 and 1.37.3 contained a path traversal vulnerability. This vulnerability stemmed from the safe_extract function using os.path.commonprefix for path...

CVSS 5.3 | AI score 5.8 | EPSS 0.00262
Exploits: 0 | References: 4

Positive Technologies
added 2024/04/17 12:0 a.m. | 8 views

PT-2024-23300 · Solana · @Solana/Web3.Js

Name of the Vulnerable Software and Affected Versions: @solana/web3.js versions prior to 1.0.1; @solana/web3.js versions prior to 1.10.2; @solana/web3.js versions prior to 1.11.1; @solana/web3.js versions prior to 1.12.1; @solana/web3.js versions prior to 1.1.2; @solana/web3.js versions prior to 1.13....

CVSS 7.5 | AI score 6.8 | EPSS 0.00593
Exploits: 0 | References: 8

Positive Technologies
added 2023/10/25 12:0 a.m. | 3 views

PT-2023-30142 · Jenkins · Jenkins Git Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Plugin versions 1.37.3 and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the GitHub project URL on the build page is not properly escaped when showing changes...

CVSS 8 | AI score 5.2 | EPSS 0.00606
Exploits: 0 | References: 9

OpenVAS
added 2022/07/06 12:0 a.m. | 22 views

MediaWiki < 1.35.7, 1.36.x < 1.37.3, 1.38.x < 1.38.1 XSS Vulnerability - Windows

MediaWiki is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.1 | AI score 6.2 | EPSS 0.00858
Exploits: 0 | References: 1

OpenVAS
added 2022/07/06 12:0 a.m. | 22 views

MediaWiki < 1.35.7, 1.36.x < 1.37.3, 1.38.x < 1.38.1 XSS Vulnerability - Linux

MediaWiki is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.1 | AI score 6.2 | EPSS 0.00858
Exploits: 0 | References: 1

OpenVAS
added 2022/07/06 12:0 a.m. | 29 views

MediaWiki 1.36.x < 1.37.3, 1.38.x < 1.38.1 XSS Vulnerability - Windows

MediaWiki is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.1 | AI score 6.2 | EPSS 0.00851
Exploits: 0 | References: 1

NVD
added 2022/07/02 8:15 p.m. | 20 views

CVE-2022-34912

An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...

CVSS 6.1 | EPSS 0.00851
Exploits: 0 | References: 6

CNNVD
added 2022/07/02 12:0 a.m. | 6 views

MediaWiki security vulnerability

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki versions prior to 1.37.3, which stems from a...

CVSS 6.1 | AI score 6.3 | EPSS 0.00851
Exploits: 0 | References: 9

Positive Technologies
added 2022/07/02 12:0 a.m. | 4 views

PT-2022-22431 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.37.3; MediaWiki versions 1.38.x prior to 1.38.1. Description: An issue was discovered where the contributions-title, used on Special:Contributions, is used as a page title without escaping. This can cause problems ...

CVSS 9.8 | AI score 5.9 | EPSS 0.22699
Exploits: 30 | References: 140