CVE-2026-32602 Homarr has a Race Condition in Invite Token Registration (TOCTOU)

Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpoint /api/trpc/user.register is vulnerable to a race condition that allows an attacker to create multiple user accounts from a single-use invite token. The registration flow performs three sequential database operation...

AZL-54440 CVE-2024-45338 affecting package containerized-data-importer for versions less than 1.57.0-8

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...