1431 matches found
CVE-2026-40242
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-side HTTP GET request to that URL without authentication and without URL scheme or host validation...
Linux Distros Unpatched Vulnerability : CVE-2026-40311
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-fr...
CVE-2026-40312
ImageMagick (affected component: MSL decoder) is vulnerable to an off-by-one error that can cause a crash when processing a malformed MSL file in all versions below 7.1.2-19. The issue has been fixed in 7.1.2-19. Impact is a crash (availability). Remediation: upgrade to ImageMagick 7.1.2-19 or la...
PT-2026-32427
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance .prov file when signature verification is required. This vulnerability is fixed in 4.1.4...
LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`
GHSA-fw9q-39r9-c252: Prototype Pollution via Incomplete Lodash set Guard in langsmith-sdk Severity: Medium CVSS 5.6 Status: Fixed in 0.5.18 --- Summary The LangSmith JavaScript/TypeScript SDK langsmith contains an incomplete prototype pollution fix in its internally vendored lodash set utility. T...
CVE-2026-40178 ajenti.plugin.core has a race conditions in 2FA
ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. This vulnerability is fixed in 0.112...
CVE-2026-40097 Step CA affected by an index out of bounds panic in TPM attestation EKU validation
Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension...
EUVD-2026-20899
fast-jwt has a ReDoS when using RegExp in allowed leading to CPU exhaustion during token verification...
PT-2026-31689
Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following...
CVE-2026-35476
Summary : InvenTree (Open Source Inventory Management System) contains a privilege escalation flaw present before versions 1.2.7 and 1.3.0. A non-staff authenticated user can raise their account to staff level by sending a POST request to their user account endpoint because the API endpoint’s wri...
CVE-2026-33756
CVE-2026-33756 affects Saleor (e-commerce platform). The vulnerability lies in unbounded GraphQL query batching: from 2.0.0 up to just before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the service allowed multiple GraphQL operations in a single HTTP request without an upper limit, bypassing per-qu...
CVE-2026-39373
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does not validate th...
CVE-2026-35389
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, S/MIME signature verification did not validate the certificate trust chain checkChain: false. Any email signed with a self-signed or untrusted certificate was displayed as having a valid signature. This...
CVE-2026-35201 Discount has an Out-of-bounds Read in rdiscount
Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INTMAX are truncated to a signed int before entering the native parser,...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the file content endpoint. An attacker can access files belonging to other users by supplying a valid file identifier associated with the target user's files. Note: Vendor's statement...
Go JOSE Panics in JWE decryption
Impact Decrypting a JSON Web Encryption JWE object will panic if the alg field indicates a key wrapping algorithm one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW and the encryptedkey field is empty. The panic happens when cipher.KeyUnwrap in keywrap.go attempts to...
OpenClaw: Telegram audio preflight transcription enables resource consumption by unauthorized senders
Summary Telegram audio preflight transcription enables resource consumption by unauthorized senders Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still lets unauthorized Telegram group senders trigger audio preflight before allowlist enforcement...
OpenClaw: Google Chat and Zalouser group sender allowlist bypass via policy downgrade
Summary When only a route-level group allowlist was configured, sender policy resolution silently downgraded from allowlist to open instead of preserving the configured group policy. Impact Any member of an allowlisted Google Chat space or Zalouser group could interact with the bot even when the...
GHSA-JCCR-RRW2-VC8H OpenClaw safeBins jq `$ENV` filter bypass allows environment variable disclosure
Summary The jq safe-bin policy blocked explicit env usage but still allowed jq programs that accessed environment data through $ENV. Impact An operator-approved safe-bin jq command could disclose environment variables that the safe-bin policy was supposed to keep out of scope. Affected Component...
CVE-2026-33997 Moby: Off-by-one error in plugin privilege validation
Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...