4908 matches found
CVE-2026-42504
CVE-2026-42504 affects the WordDecoder.DecodeHeader function in the mime package, where decoding a malicious MIME header with many invalid encoded-words leads to quadratic time complexity and potential high CPU usage. Public descriptions identify the root cause as quadratic complexity in that dec...
Allocation of Resources Without Limits or Throttling
Overview std/mime is a Go standard library package std/mime Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...
GO-2026-5038 Quadratic complexity in WordDecoder.DecodeHeader in mime
Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability. This vulnerability originated from improper practices in MHTML, and it could allow remote attackers to exploit users by executing specific UI gestures throu...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from decoding maliciously constructed MIME headers containing numerous invalid encoding...
PT-2026-45874
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Decoding a maliciously-crafted MIME header containing many invalid encoded-words can lead to excessive CPU consumption. Recommendations At the moment, there is n...
Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names
Description Symfony\Component\Mime\Header\ParameterizedHeader and the related parameter handling reachable from Symfony\Component\Mime\Header\Headers is responsible for serializing structured headers such as Content-Type and Content-Disposition, which carry key=value parameters e.g...
GHSA-VQC8-7275-Q272 Symfony has Email Header Injection via Non-Token Characters in Mime Parameter Names
Description Symfony\Component\Mime\Header\ParameterizedHeader and the related parameter handling reachable from Symfony\Component\Mime\Header\Headers is responsible for serializing structured headers such as Content-Type and Content-Disposition, which carry key=value parameters e.g...
GHSA-QPMX-3RFJ-7RHV Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address
Description Symfony\Component\Mime\Address is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...
CVE-2026-49102
Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...
CVE-2026-49102
Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output that allows bypassing of the contenttypedenylist in the denylistedcontenttype? function. An attacker can upload files with MIME types containing unescaped regex metacharacters, including the + in...
GHSA-7G26-2QGJ-CHFG CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters
Summary CarrierWave's contenttypedenylist check fails to escape regex metacharacters in string entries, causing the denylist to silently not match the content types it is intended to block. Note: CarrierWave is aware contenttypedenylist is deprecated for the security reason, but it still used by...
CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters
Summary CarrierWave's contenttypedenylist check fails to escape regex metacharacters in string entries, causing the denylist to silently not match the content types it is intended to block. Note: CarrierWave is aware contenttypedenylist is deprecated for the security reason, but it still used by...
PT-2026-44030
Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...
CVE-2026-40597
Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.28.1 and below, given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's script-src directive by uploading a crafted attachment to any issue that, when accessed via th...
Exploit for CVE-2026-2942
CVE-2026-2942 ProSolution WP Client — Unauthenticated File U...
SUSE CVE-2026-48831
Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap...
CVE-2026-48831
A flaw was found in Wine. Wine's desktop file registers itself to handle Windows executable EXE files. In some configurations, opening an EXE file can cause it to run automatically with the user's permissions, without further prompts. This allows an attacker to bypass security sandboxes like...
Linux Distros Unpatched Vulnerability : CVE-2026-48831
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handli...