CVE-2026-40073

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODYSIZELIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers...

CVE-2026-40074

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled TypeError. This...

CVE-2026-40073

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODYSIZELIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers...

CVE-2026-40073 SvelteKit has a BODY_SIZE_LIMIT bypass in @sveltejs/adapter-node

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODYSIZELIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers...

PT-2026-31990

Name of the Vulnerable Software and Affected Versions SvelteKit versions prior to 2.57.1 Description SvelteKit, a framework for developing web applications, is susceptible to a denial-of-service DoS condition. When the redirect function is invoked within the handle server hook with a location...

PT-2026-31989

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY SIZE LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other laye...

SUSE CVE-2026-25890

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashe...

CVE-2026-25890

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashe...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper normalization of URL paths in the rules. An attacker can gain unauthorized access to restricted files and perform unauthorized modifications by crafting requests with multiple leading slashes in the...

CVE-2026-25889

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, a case-sensitivity flaw in the password validation logic allows any authenticated user to change their password or an admin to change...

CVE-2026-25890

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashe...

CVE-2026-25889 File Browser has an Authentication Bypass in User Password Update

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, a case-sensitivity flaw in the password validation logic allows any authenticated user to change their password or an admin to change...

File Browser 安全漏洞

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.57.1 contained security vulnerabilities. These vulnerabilities stemmed from...

PT-2026-7167

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.57.1 Description File Browser offers a file management interface for tasks like uploading, deleting, previewing, renaming, and editing files. A flaw in the password validation process, specifically a...

PT-2026-7168

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.57.1 Description File Browser offers a file management interface for tasks like uploading, deleting, previewing, renaming, and editing files within a designated directory. Before version 2.57.1, an authenticate...

CVE-2024-41953 Zitadel improperly sanitizes HTML in emails and Console UI

Zitadel is an open source identity management system. ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to a missing output sanitization, these emails could include malicious code. This may...

CVE-2024-41952 Zitadel has an "Ignoring unknown usernames" vulnerability

Zitadel is an open source identity management system. ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report...

CloudBees jenkins-email-ext Email Extension plugin information disclosure vulnerability

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and a number of timed tasks . jenkins-email-ext is...

Design/Logic Flaw

jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure. The Email Extension Plugins is able to send emails to a dynamically created list of users based on the changelogs, like authors of SCM changes since the last successful build. This could in some cases result in emai...

CVE-2017-2654

jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure. The Email Extension Plugins is able to send emails to a dynamically created list of users based on the changelogs, like authors of SCM changes since the last successful build. This could in some cases result in emai...