GHSA-R2M8-PXM9-9C4G Parse Server has a protected fields bypass via dot-notation in query and sort

Impact The protectedFields class-level permission CLP can be bypassed using dot-notation in query WHERE clauses and sort parameters. An attacker can use dot-notation to query or sort by sub-fields of a protected field, enabling a binary oracle attack to enumerate protected field values. This...

EUVD-2026-10031

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

OESA-2026-1508 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker ...

PT-2026-36815

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.67 Description HTTP response splitting occurs in multiple Apache HTTP Server modules when interacting with untrusted or compromised backend servers. This issue allows an attacker to split an HTTP...

SUSE CVE-2026-25674

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's...

Race Condition

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Race Condition in the file-system storage and file-based cache backends that use umask process in multi-threaded environments. An...

CVE-2026-25674

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's...

CVE-2026-25674

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file system objects to be created with incorrect permissions via concurrent requests, where one thread's...

GHSA-MHR3-J7M5-C7C9 LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution

Context A Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to langgraph-checkpoint 4.0.0, BaseCache defaults to JsonPlusSerializerpicklefallback=True. When...

CVE-2026-27794 LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution

LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from BaseCache and opt nodes into caching via CachePolicy. Prior to...

UBUNTU-CVE-2026-23168

In the Linux kernel, the following vulnerability has been resolved: flexproportions: make fpropnewperiod hardirq safe Bernd has reported a lockdep splat from flexible proportions code that is essentially complaining about the following race: runtimersoftirq - we are in softirq context calltimerfn...

📄 Lighttpd 1.4.66 FastCGI Resource Exhaustion

Proof of concept exploit for a resource exhaustion vulnerability that exists in lighttpd versions 1.4.56 through 1.4.66 affecting FastCGI and other gateway backends. When processing HTTP/1.1 requests using chunked transfer encoding with request-body streaming enabled, an anomalous client disconne...

Lighttpd 1.4.56 - 1.4.66 Resource Leak Denial of Service PoC

Summary lighttpd pronounced /lighty/ is a secure, fast, compliant, and very flexible web server that has been optimized for high-performance environments. lighttpd uses memory and CPU efficiently and has lower resource use than other popular web servers. Its advanced feature-set FastCGI, CGI, Aut...

📄 Lighttpd 1.4.66 Resource Leak Denial of Service

Lighttpd versions 1.4.56 through 1.4.66 has a resource exhaustion vulnerability affecting gateway backends such as FastCGI. When handling an HTTP/1.1 request with chunked transfer encoding and request-body streaming enabled, lighttpd mishandles an anomalous client disconnect RDHUP / half-closed T...

MiracleLinux 8 : sane-backends-1.0.27-19.el8.1 (AXSA:2020-550:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-550:01 advisory. sane-backends: Heap buffer overflow in epsondsnetread in epsonds-net.c CVE-2020-12861 sane-backends: Heap buffer overflow in esci2img CVE-2020-12865...

MiracleLinux 8 : sane-backends-1.0.27-22.el8 (AXSA:2021-2046:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2046:01 advisory. sane-backends: NULL pointer dereference in saneiepsonnetread function CVE-2020-12867 Tenable has extracted the preceding description block directly from the...

curl: SSL options ISSUERCERT, EC_CURVES and CRLFILE silently ignored by non-OpenSSL backends

Summary: The SSL options ISSUERCERT, ECCURVES and CRLFILE are silently ignored for e.g. the mbedTLS backend, which allows MITM attacks for the ISSUERCERT and CRLFILE bug, and can reduce the security and compliance by ignoring the specified curve for the ECCURVES bug. Affected version Tested with...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001425)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001425 advisory. Rogue backends can cause DoS of guests via high frequency events This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilitie...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001411)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001411 advisory. Rogue backends can cause DoS of guests via high frequency events This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilitie...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001416)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001416 advisory. Rogue backends can cause DoS of guests via high frequency events This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilitie...