23526 matches found
CVE-2026-44722
pyzipper is a replacement for Python's zipfile that can read and write AES encrypted zip files. Prior to 0.4.0, a Python operator precedence bug in pyzipper/zipfileaes.py caused the AE-2 format to never be automatically selected during encryption, causing encrypted entries to be written in AE-1...
CVE-2026-53598
Prompty is a markdown file format .prompty for LLM prompts. Prior to 2.0.0-beta.2, Prompty loaders expanded $file:... references in .prompty frontmatter without enforcing that resolved paths stayed within the prompt directory or allowed roots, allowing an attacker-controlled prompt file to read...
Malicious code in time-format-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 168d334d742003cf94d8b87ba56cd72694081ade01f6814062e58ebdc47d8594 On npm install, the package's postinstall script decodes base64-encoded shell payloads and executes them via an obfuscated childprocess.exec lookup...
CVE-2026-11386
Summary: CVE-2026-11386 affects Canonical ubuntu-pro-client (formerly ubuntu-advantage-tools). The package builds APT source files by interpolating contract server data from directives.suites[] and directives.aptURL without escaping or validation, allowing newline characters to inject attacker-co...
osTicket - Arbitrary File Read
Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...
CVE-2026-61863
A flaw was found in ImageMagick. When processing a Tagged Image File Format TIFF image, a small memory leak can occur if the TIFF encoder is unable to create a temporary file. This can lead to a gradual consumption of system memory, potentially impacting the availability of the application...
EUVD-2026-44723
Composer is a dependency Manager for the PHP language. Prior to 1.10.28, 2.2.28, and 2.9.8, Composer\IO\BaseIO::loadConfiguration validates GitHub OAuth tokens with the regex ^.A-Za-z0-9+$ and interpolates rejected tokens into an UnexpectedValueException; GitHub Actions GITHUBTOKEN values using t...
CVE-2026-61869
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the MIFF encoder that occurs when a memory allocation fails during MIFF image processing, which can lead to denial of service...
CVE-2026-61872 ImageMagick before 7.1.2-26 Memory Leak via TIFF Encoder
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the TIFF encoder when an invalid tiff:tile-geometry is specified. Supplying malformed tile geometry parameters causes allocated memory not to be released, which can lead to increased memory consumption...
EUVD-2026-44616
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the TIFF encoder when memory allocation fails. Attackers can trigger allocation failures during TIFF image processing to cause memory exhaustion and denial of service...
EUVD-2026-44612
ImageMagick before 7.1.2-26 and 6.x before 6.9.13-51 contains a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, resulting in a small memory leak...
CVE-2026-50498
Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...
CVE-2026-49790
Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...
CVE-2026-50498
CVE-2026-50498 affects the Windows Universal Disk Format File System Driver (UDFS) and is an Elevation of Privilege vulnerability in the UDFS component. The root cause is described as a privilege/escalation condition within the Windows UDFS driver, leading to local privilege escalation with a hig...
CVE-2026-50498 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
...
CVE-2026-49790 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
...
CVE-2026-49790
Technical details about CVE-2026-49790 are not publicly provided in the supplied documents. No confirmed affected products, root cause, or remediation are described here. Monitor for updates from official advisories for concrete technical information.
CVE-2026-49790 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
...
DEBIAN-CVE-2026-62641
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the TNEF decoder was subject to denial of service via a crafted compressed-RTF size...
DEBIAN-CVE-2026-59198
Pillow is a Python imaging library. From 5.2.0 until 12.3.0, Pillow's TGA RLE encoder reads past its packed row buffer when saving a mode 1 image with TGA RLE compression, allowing adjacent process heap bytes to be copied into the generated TGA file. This issue is fixed in version 12.3.0...