CVE-2025-31985

HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...

CVE-2025-31984

HCL BigFix Service Management SM is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly...

CVE-2026-45299

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, the profileimageurl field on the user profile update form accepted arbitrary data: URI values without MIME-type validation, resulting in a XSS vulnerability. This vulnerability is...

CVE-2026-22707

Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, the Upload plugin's Content API endpoints did not enforce the administrator-configured MIME type restrictions plugin.upload.security.allowedTypes and deniedTypes. The same restrictions were correctly...

CVE-2026-44259

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security headers. Files with .html, .htm, or .svg extensions are served as text/html or image/svg+xml...

Quadratic complexity in WordDecoder.DecodeHeader in mime

...

BIT-GOLANG-2026-42504 Quadratic complexity in WordDecoder.DecodeHeader in mime

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

EUVD-2026-34656

Inappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-34405

Use after free in MimeHandlerView in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Symfony and Multiple Symfony Components < 5.4.52 / 6.x < 6.4.40 / 7.x < 7.4.12 / 8.x < 8.0.12 Multiple Vulnerabilities

The version of Symfony and/or its Symfony Monolog Bridge / MIME / Mailer / Routing / Security HTTP Components installed on the remote host is/are prior to 6.1.x prior to 6.4.40, 7.0.x prior to 7.4.12, 8.0.x prior to 8.0.12, and, therefore, affected by multiple vulnerabilities: - An authentication...

DEBIAN-CVE-2026-10956

Use after free in MimeHandlerView in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-11195

Inappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-10956

Use after free in MimeHandlerView in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-10956

Summary of CVE-2026-10956 Affected software: Google Chrome (MimeHandlerView component). Vulnerability: Use-after-free in MimeHandlerView leading to potential remote code execution via a crafted HTML page. This could allow arbitrary code execution within the Chrome sandbox. Impact: High severity p...

SUSE CVE-2026-42504

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

Golang 1.25.x < 1.25.11 / 1.26.x < 1.26.4 Multiple Vulnerabilities

The version of Golang running on the remote host is 1.25.x prior to 1.25.11, or 1.26.x prior to 1.26.4. It is, therefore, affected by multiple vulnerabilities: - x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caus...

EUVD-2026-34039

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

Linux Distros Unpatched Vulnerability : CVE-2026-42504

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU. CVE-2026-42504 Note that Nessus relies on the presen...

UBUNTU-CVE-2026-42504

Decoding a maliciously-crafted MIME header containing many invalid enc...

CVE-2026-42504

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...