EUVD-2026-33586

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of...

PT-2026-45387

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of...

Astra Linux - уязвимость в node-y18n

The package y18n before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution...

EUVD-2026-22344

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via...

EUVD-2026-22342

A improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8,...

CVE-2026-39813

Fortinet FortiSandbox contains a path traversal vulnerability (CVE-2026-39813) that affects FortiSandbox 5.0.0–5.0.5 and 4.4.0–4.4.8. The issue arises from a path traversal flaw ("../filedir"), enabling escalation of privilege. CVSS v3.1: 9.8 (CRITICAL), NETWORK attack vector, no user interaction...

CVE-2026-27316

The CVE-2026-27316 entry describes an insufficiently protected credentials vulnerability affecting Fortinet FortiSandbox: 5.0.0–5.0.5, FortiSandbox 4.4 (all versions), and FortiSandbox PaaS 5.0.1–5.0.5. Root cause: credentials stored or exposed in a way that can be read via client-side inspection...

PT-2026-32692

Name of the Vulnerable Software and Affected Versions FortiSandbox versions 4.4.0 through 4.4.8 FortiSandbox versions 5.0.0 through 5.0.5 Description A path traversal issue involving '../filedir' may allow an attacker to achieve escalation of privilege. Recommendations At the moment, there is no...

Fortinet FortiSandbox 路径遍历漏洞

Fortinet FortiSandbox is an APT Advanced Persistent Threat protection device developed by the American company Fortinet. This device offers features such as dual sandbox technology, dynamic threat intelligence systems, a real-time control panel, and reporting capabilities. Fortinet FortiSandbox h...

CVE-2026-33544

Tinyauth is an authentication and authorization server. Prior to version 5.0.5, all three OAuth service implementations GenericOAuthService, GithubOAuthService, GoogleOAuthService store PKCE verifiers and access tokens as mutable struct fields on singleton instances shared across all concurrent...

CVE-2026-33544 Tinyauth has OAuth account confusion via shared mutable state on singleton service instances

Tinyauth is an authentication and authorization server. Prior to version 5.0.5, all three OAuth service implementations GenericOAuthService, GithubOAuthService, GoogleOAuthService store PKCE verifiers and access tokens as mutable struct fields on singleton instances shared across all concurrent...

Tinyauth 竞争条件问题漏洞

Tinyauth is an authentication and authorization server developed by Stavros personally. Versions of Tinyauth prior to 5.0.5 had a race condition vulnerability; this issue stemmed from race conditions in the OAuth service, which could lead to session hijacking...

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition in the GenericOAuthService, GithubOAuthService, GoogleOAuthService Auth services. An attacker can gain unauthorized access to another user's session and associated resources by timing concurrent OAuth login requests to...

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition in the GenericOAuthService, GithubOAuthService, GoogleOAuthService Auth services. An attacker can gain unauthorized access to another user's session and associated resources by timing concurrent OAuth login requests to...

CVE-2026-33750

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and...

Infinite loop

Overview org.webjars.npm:brace-expansion is a WebJar for brace-expansion. Affected versions of this package are vulnerable to Infinite loop through the expand function when processing a brace pattern with a zero step value. An attacker can cause the process to hang and exhaust system memory by...

GHSA-F886-M6HF-6M8V brace-expansion: Zero-step sequence causes process hang and memory exhaustion

Impact A brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. The loop in question:...

Infinite loop

Overview brace-expansion is a Brace expansion as known from sh/bash Affected versions of this package are vulnerable to Infinite loop through the expand function when processing a brace pattern with a zero step value. An attacker can cause the process to hang and exhaust system memory by supplyin...

Allocation of Resources Without Limits or Throttling

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the mimetex process. An attacker can exhaust server resources and cause service disruption by submitting specially crafted TeX formulas...

CVE-2025-61923

PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in a directory traversal and arbitrary file disclosure. The vulnerability is fixed in versions 4.4.1 and 5.0.5. N...