21848 matches found
DEBIAN-CVE-2026-10705
A flaw has been found in dask up to 3.0. Affected by this issue is the function nuniqueapprox of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is...
Improper Resource Shutdown or Release
Overview dask is a Parallel PyData with Task Scheduling Affected versions of this package are vulnerable to Improper Resource Shutdown or Release through the computehllarray function in the HLL Handler component. An attacker can cause excessive resource consumption by remotely invoking this...
EUVD-2026-34037
A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blendermcp/server.py of the component ZIP File Handler. The manipulation of the argument zipfileurl results in server-side request...
CVE-2026-10703
CVE-2026-10703 affects EIPStackGroup OpENer
PT-2026-46072
A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save audio to cache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high...
PT-2026-46070
Name of the Vulnerable Software and Affected Versions SGLang versions prior to 0.5.12 Description A flaw exists in the data hash function of the Cache Handler component. This issue allows for a denial of service through manipulation, although the attack is restricted to local execution and requir...
PT-2026-45897
A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the file cipmessagerouter.c of the component SendRRData Handler. The manipulation leads to use after free. Remote exploitation of the attack is possible...
PT-2026-45899
A flaw has been found in dask up to 3.0. Affected by this issue is the function nunique approx of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is...
CVE-2026-10662
A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blendermcp/server.py of the component ZIP File Handler. The manipulation of the argument zipfileurl results in server-side request...
CVE-2026-49139
Nanobot prior to version 0.2.1 contains a server-side request forgery vulnerability in the Microsoft Teams channel handler that allows remote attackers to exfiltrate Bot Framework bearer tokens by supplying a forged activity with an attacker-controlled serviceUrl value. Attackers can poison the...
CVE-2026-10662
The CVE concerns ahujasid blender-mcp (up to commit 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b) and targets the ZIP File Handler’s server.py, specifically the requests.get usage. Flaw: manipulation of the argument zip_file_url enables server-side request forgery (SSRF). Impact is described as remot...
CVE-2026-10662 ahujasid blender-mcp ZIP File server.py requests.get server-side request forgery
A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blendermcp/server.py of the component ZIP File Handler. The manipulation of the argument zipfileurl results in server-side request...
CVE-2026-10662
A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blendermcp/server.py of the component ZIP File Handler. The manipulation of the argument zipfileurl results in server-side request...
CVE-2026-10662 ahujasid blender-mcp ZIP File server.py requests.get server-side request forgery
A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blendermcp/server.py of the component ZIP File Handler. The manipulation of the argument zipfileurl results in server-side request...
CVE-2026-49143
BrowserStack Runner through 0.9.5 contains a remote code execution vulnerability in the /log HTTP handler that allows unauthenticated network-adjacent attackers to execute arbitrary code by submitting crafted JSON request bodies to the handler, which passes user-supplied data to vm.runInNewContex...
CVE-2026-10650
A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...
CVE-2026-10650
A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...
CVE-2026-10650 warmcat libwebsockets SSH Protocol sshd.c lws_ssh_parse_plaintext resource consumption
A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...
CVE-2026-49144 BrowserStack Runner 0.9.5 Path Traversal via _default HTTP Handler
BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files. Attackers can exploit the unauthenticated HTTP server bound on all interfaces to traverse outside...
CVE-2026-49144 BrowserStack Runner 0.9.5 Path Traversal via _default HTTP Handler
BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the default HTTP handler in lib/server.js that allows unauthenticated network-adjacent attackers to read arbitrary files. Attackers can exploit the unauthenticated HTTP server bound on all interfaces to traverse outside...