455 matches found
NocoBase - VM Sandbox Escape to Remote Code Execution
NocoBase Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. The console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout and...
CVE-2026-43866
Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...
EUVD-2026-36312
OpenClaw: Combined POSIX shell options could confuse exec revalidation...
fast-uri: fast-uri: URI authority bypass due to improper delimiter handling
A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier URI that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw...
EUVD-2026-31689
Hackney has SSRF allowlist bypass in hackneyurl:normalize/2 via percent-encoded host...
CVE-2026-54090
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.33.8, when a shell interpreter is configured e.g. /bin/sh -c, the command allowlist can be bypassed through shell metacharacters. The allowlist...
GO-2026-5250 File Browser has a Command Execution Allowlist Bypass via Shell Metacharacter Injection in github.com/filebrowser/filebrowser
File Browser has a Command Execution Allowlist Bypass via Shell Metacharacter Injection in github.com/filebrowser/filebrowser...
CVE-2026-54090 File Browser: Command Allowlist Bypass via Shell Metacharacter Injection
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.33.8, when a shell interpreter is configured e.g. /bin/sh -c, the command allowlist can be bypassed through shell metacharacters. The allowlist...
Incomplete Filtering of Special Elements
Overview angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...
jackson-databind has an array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)
Summary BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray, without validating the array's component element type against the configured allowlist. A PTV built with allowIfSubTypeIsArray plus an explicit concrete-type allowlist...
GHSA-RMJ7-2VXQ-3G9F jackson-databind has an array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)
Summary BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray, without validating the array's component element type against the configured allowlist. A PTV built with allowIfSubTypeIsArray plus an explicit concrete-type allowlist...
DEBIAN-CVE-2026-54513
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray, without validating th...
CVE-2026-54513 jackson-databind: Array subtype allowlist bypass in BasicPolymorphicTypeValidator (allowIfSubTypeIsArray)
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.10.0 until 2.18.8, 2.21.4, and 3.1.4, BasicPolymorphicTypeValidator.Builder.allowIfSubTypeIsArray allowlists any array type based only on clazz.isArray, without validating th...
DEBIAN-CVE-2026-50023
yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...
DEBIAN-CVE-2026-50168
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints an...
CVE-2026-50168 Angular: URL Parser Differential in @angular/platform-server leading to SSRF Allowlist Bypass
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints an...
CVE-2026-50168
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints an...
CVE-2026-50168
CVE-2026-50168 affects Angular's @angular/platform-server and enables SSRF via a parser differential between the strict WHATWG URL parser (used for allowlists) and Domino’s lenient parser (used for server emulation). A malformed URL with a double-port structure (e.g., http://evil.com:80:80/path) ...
CVE-2026-50168
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints an...
EUVD-2026-36537
parse-server: Server option routeAllowList is bypassable through batch sub-requests...