219794 matches found
CLSA-2026-1777627629 openssh: Fix of CVE-2026-35386
CVE-2026-35386: fix client-side command execution via control characters in usernames by adding iscntrl rejection to validruser...
CVE-2026-33420
Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the getorgcollectionsdetails endpoint GET /api/organizations/orgid/collections/details is missing the hasfullaccess authorization check that exists on the sibling getorgcollections endpoint. This allows a...
EUVD-2026-27462
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...
EUVD-2026-27461
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGIDSBIEINIRUNSBIECTRL message is handled before normal sandbox and impersonation checks, and for non-sandbox...
CVE-2026-33489
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The longestMatch function in plugin/transfer/transfer.go uses a lexicographic string comparison instead...
CVE-2026-33489 CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The longestMatch function in plugin/transfer/transfer.go uses a lexicographic string comparison instead...
CVE-2026-33489
CoreDNS CVE-2026-33489 affects the transfer plugin prior to version 1.14.3. The root cause is a lexicographic longestMatch() comparison in plugin/transfer/transfer.go, which can select a permissive parent-zone ACL over a more-specific subzone ACL when both are configured. This flaw enables an una...
CVE-2026-33420 Vaultwarden missing authorization check allows Manager-role users to enumerate all collections
Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the getorgcollectionsdetails endpoint GET /api/organizations/orgid/collections/details is missing the hasfullaccess authorization check that exists on the sibling getorgcollections endpoint. This allows a...
AVideo: HTML Injection in notifySubscribers.json.php Allows Platform-Branded Phishing Emails to Channel Subscribers
Summary objects/notifySubscribers.json.php takes the raw message POST parameter and passes it into sendSiteEmail, which substitutes it directly into an HTML email template via strreplace on the message placeholder and renders it with PHPMailer::msgHTML. There is no HTML sanitization, character...
CVE-2026-32603
Sandboxie CVE-2026-32603 affects Windows Sandboxie kernel driver (versions ≤ 1.17.2) where an unprivileged process in a Standard Sandbox can send a malformed IOCTL to the \Device\SandboxieDriverApi driver, causing an immediate kernel crash (BSOD). Impact is local, affecting availability with Sta...
EUVD-2026-27394
A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH...
CVE-2026-25589
RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...
CVE-2026-25588
RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...
ALPINE-CVE-2026-25243
Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...
CVE-2026-25589
RedisBloom module for Redis is affected. In versions before 2.8.20, RESTORE may process crafted serialized values without validation, leading to invalid memory access and potential remote code execution when an authenticated user can run RESTORE on a server with RedisBloom loaded. The issue stems...
EUVD-2026-27414
RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...
CVE-2026-25588 RedisTimeSeries RESTORE invalid memory access may allow remote code execution
RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the...
EUVD-2026-27410
Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may...
Malicious code in deployment-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a1345a90cd18e2bfa245f91057cca34707e7d325f4318263176d9fbcef25c1a The package deployment-core was found to contain malicious code. Source: ghsa-malware eca5b6ddf4f0df1086d272518f3383c140b5641ecf506100d93a352e2135441...
CVE-2026-7865
A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH...