2843 matches found
CVE-2026-44983
smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption...
EUVD-2026-32003
GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin: on every response. The structural defect is that the SSE server stands up a stateful,...
CVE-2026-46430
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort"", ":5553" resolves to ":5553"...
CVE-2026-46430
CVE-2026-46430 affects Algernon (SSE event server). Before 1.17.7, the SSE event server bound to 0.0.0.0:5553 by default on Linux/macOS due to host default logic, enabling LAN-wide access. The issue arises from platform-dependent default host handling (empty on non-Windows), resulting in an effec...
CVE-2026-46430 Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort"", ":5553" resolves to ":5553"...
CVE-2026-46430 Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort"", ":5553" resolves to ":5553"...
algernon 安全漏洞
Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.7 contained security vulnerabilities. These vulnerabilities stemmed from the SSE event server being bound to 0.0.0.0:5553 by default, which could allow unauthorized network access...
CVE-2026-48133 Identity Awareness Captive Portal - Unauthenticated Local File Inclusion
Symptoms - When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway. - This issue affects: R82.10 with Jumbo Hotfix Take 6 or below R82 with Jumbo Hotfix Take 91 or below R81.20 with...
Remote Code Execution (RCE)
@penpot/mcp is vulnerable to Remote Code Execution RCE. The vulnerability is due to an unauthenticated /execute endpoint exposed on all network interfaces, which allows an attacker to remotely execute arbitrary JavaScript code on the server...
Unlocking Apple's Private Cloud Compute: An Analysis of Privacy-Preserving Artificial Intelligence
Many existing Artificial Intelligence AI solutions on mobile devices rely on an extensive collection of sensitive data, raising privacy concerns and often requiring storage for both context and model improvement. Apple's Private Cloud Compute PCC aims to address this by emphasizing mobile device...
MAL-2026-4635 Malicious code in payment-account-input-selector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12187e6fb4ae4d3a411cea0c3ec8b995e1091a9cf78219db9fbcdac87540aabf On npm install, preinstall.js collects hostname, username, platform, cwd, timestamp, and a full dump of os.networkInterfaces and HTTP-GETs them as...
Mattermost 路径遍历漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.6.0 and earlier 11.6.x series, 11.5.3 and earlier 11.5.x series, 11.4.4 and earlier 11.4.x series, as well as 10.11.14 and earlier 10.11.x series, have a path...
Arbitrary Argument Injection
Overview symfony/runtime is an Enables decoupling PHP applications from global state Affected versions of this package are vulnerable to Arbitrary Argument Injection via SymfonyRuntime::getInput when registerargcargv=On in web SAPIs. An attacker can modify the Symfony application environment and...
Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS
Summary The SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort"", ":5553" resolves to ":5553" — a Go http.Server.Addr of ":5553" listens on every interface. On...
firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the DOM: Device Interfaces component...
firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the DOM: Device Interfaces component...
firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the DOM: Device Interfaces component...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid accessing uninitialized arvif-ar during beacon miss During beacon miss handling, ath12k driver iterates over active virtual interfaces vifs and attempts to access the radio object ar via arvif-deflink-ar...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: preventing dereferencing of ZEROSIZEPTR when numifs is zero The driver allocates arrays for ports, FDBs, and filter blocks using kcalloc, with ethsw-swattr.numifs as the element count. When the device reports zero...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: IB/IPoIB: Fixed legacy IPoIB issues due to an incorrect number of queues. The referenced commit creates child PKEY interfaces through netlink, which involve multiple TX and RX queues. However, some devices do not support more tha...