38 matches found
CVE-2026-34236
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session...
Auth0 PHP SDK has Insufficient Entropy in Cookie Encryption
Impact: In applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. Am I Affected? Consumers are affected if their application meets the following preconditions: - The...
CVE-2026-34236
Auth0-PHP SDK versions 8.0.0–8.18.x encrypt cookies with insufficient entropy, enabling potential brute-forcing of the encryption key and forging session cookies. Impact is session integrity/confidentiality, with high severity (CVSS 3.1: HIGH). The issue is fixed in version 8.19.0. Affected devel...
CVE-2026-34236 Auth0 PHP SDK Insufficient Entropy in Cookie Encryption
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session...
curl: Use-After-Free race condition in url_move_hostname() via shared connection pool
Summary: In lib/url.c, url_conn_reuse_adjust calls url_move_hostname which frees conn->host.rawalloc and conn->host.encalloc via Curl_safefree and Curl_free_idnconverted_hostname after Curl_cpool_find has already released the connection pool lock. A second thread doing a concurrent pool lookup still holds tha...
Curl 8.13.0 < 8.19.0 Use After Free in SMB Connection
The version of curl installed on the remote host is 8.13.0 prior to 8.19.0. It is, therefore, affected by a use-after-free in SMB connection vulnerability: - When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...
EUVD-2026-8985
A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit is now publ...
CVE-2026-3284
A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extractarea results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used...
CVE-2026-3282
Affects: libvips 8.19.0. Vulnerable function: vips_unpremultiply_build in libvips/conversion/unpremultiply.c. Root cause: manipulating the argument alpha_band can trigger an out-of-bounds read. Impact: local attacker can potentially read restricted memory; exploit maturity listed as proof-of-conc...
CVE-2026-3281
A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit is now publ...
PT-2026-22285
A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit is now...
libvips Buffer Error Vulnerability
libvips is an open-source fast image processing library with low memory requirements. Version 8.19.0 of libvips contains a buffer error vulnerability. This vulnerability stems from incorrect handling of the extractband parameter in the file libvips/conversion/extract.c, which may lead to...
PT-2026-22286
A flaw has been found in libvips 8.19.0. This vulnerability affects the function vips_unpremultiply_build of the file libvips/conversion/unpremultiply.c. Executing a manipulation of the argument alpha_band can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has be...
Path Traversal Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-38819
This High severity vulnerability known as CVE-2024-38819 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Atlassian recommends...
org.elasticsearch.test:framework (>=8.19.0 <=8.19.15), org.elasticsearch.test:yaml-rest-runner (>=8.19.0 <=8.19.15) +1 more potentially affected by CVE-2025-37727 via org.elasticsearch:elasticsearch (>=8.19.0 <=8.19.4)
org.elasticsearch:elasticsearch MAVEN version =8.19.0, =8.19.0, =8.19.0, =8.19.2, =8.19.4 Source cves: CVE-2025-37727 Source advisory: OSV:GHSA-56R7-H6MW-RCFV...
EUVD-2022-49151
Malicious code in bioql PyPI...
Atlassian Bitbucket Data Center Security Vulnerability
Atlassian Bitbucket Data Center is the data center version of Atlassian Bitbucket from Atlassian Australia. A security vulnerability exists in Atlassian Bitbucket Data Center versions 8.0.0 through 8.9.12 and 8.19.0 through 8.19.1, which originates from redirecting an aggrieved user to any...
Design/Logic Flaw
Proofpoint Enterprise Protection PPS/PoD contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below...